PT-2014-1264 · Oracle+4 · Java Development Kit+7

Publicado

2014-01-15

·

Atualizado

2024-03-12

·

CVE-2014-0387

CVSS v2.0

7.6

Alta

VetorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6u65 through 7u45 Java Development Kit (affected versions not specified) Java Runtime Environment (affected versions not specified)
Description The issue affects confidentiality, integrity, and availability. It is related to the Deployment subcomponent. Remote attackers can exploit this issue via unknown vectors. The vulnerability allows an attacker to compromise data confidentiality and integrity using the Deployment subcomponent.
Recommendations For Oracle Java SE versions 6u65 through 7u45, update to a version that is not affected by this issue. For Java Development Kit, restrict access to the Deployment subcomponent to minimize the risk of exploitation. For Java Runtime Environment, consider disabling the Deployment subcomponent until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Java Development Kit and Java Runtime Environment.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-461

Identificadores relacionados

BDU:2015-00012
BDU:2015-00013
CVE-2014-0387
HPSBUX02972
HPSBUX02973
RHSA-2014:0030
RHSA-2014:0134
RHSA-2014:0135
RHSA-2014:0414
RHSA-2014:0705
RHSA-2014:0982
RHSA-2014_0030
RHSA-2014_0134
RHSA-2014_0135
RHSA-2014_0414
RHSA-2014_0705
ROSA-SA-2024-2371

Produtos afetados

Hp-Ux
Ibm Aix
Java Development Kit
Java Platform
Java Runtime Environment
Java Se
Red Hat
Suse