PT-2014-1638 · Oracle+5 · Jrockit+8

Publicado

2014-10-14

Atualizado

2024-06-15

CVE-2014-6517

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Java SE versions 6u81, 7u67, and 8u20 Java SE Embedded version 7u60 Jrockit versions R27.8.3 and R28.3.3

Description The issue allows a remote attacker to compromise data confidentiality using the JAXP subcomponent.

Recommendations For Java SE versions 6u81, 7u67, and 8u20, update to a version that fixes this issue. For Java SE Embedded version 7u60, update to a version that fixes this issue. For Jrockit versions R27.8.3 and R28.3.3, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the JAXP subcomponent until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

BDU:2015-00556

CESA-2014_1620

CESA-2014_1634

CESA-2014_1636

CVE-2014-6517

DLA-96-1

DSA-3077-1

DSA-3080-1

HPSBUX03218

MGASA-2014-0422

OPENSUSE-SU-2024:10534-1

RHSA-2014:1620

RHSA-2014:1633

RHSA-2014:1634

RHSA-2014:1636

RHSA-2014:1657

RHSA-2014:1658

RHSA-2014_1620

RHSA-2014_1633

RHSA-2014_1634

RHSA-2014_1636

RHSA-2014_1657

RHSA-2014_1658

USN-2386-1

USN-2388-1

USN-2388-2

Produtos afetados

Centos

Hp-Ux

Java Platform

Java Se

Java Se Embedded

Jrockit

Red Hat

Suse

Ubuntu

PT-2014-1638 · Oracle+5 · Jrockit+8

CVE-2014-6517

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 475