CVE-2014-2423

Name of the Vulnerable Software and Affected Versions Java Development Kit versions (affected versions not specified) Java Runtime Environment versions (affected versions not specified) Oracle Java SE and Java SE Embedded versions (affected versions not specified)

Description The issue is related to a vulnerability in the JAX-WS subcomponent, which allows a remote attacker to compromise the confidentiality, integrity, and availability of data. This vulnerability affects various Java-based platforms, including Java Development Kit, Java Runtime Environment, Oracle Java SE, and Java SE Embedded. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Java Development Kit, update to a version that includes a fix for the JAX-WS subcomponent vulnerability. For Java Runtime Environment, update to a version that includes a fix for the JAX-WS subcomponent vulnerability. For Oracle Java SE and Java SE Embedded, update to a version that includes a fix for the JAX-WS subcomponent vulnerability. As a temporary workaround, consider disabling the use of the JAX-WS subcomponent until a patch is available.