PT-2014-1252 · Oracle+4 · Oracle Java Se+7

Published

2014-01-15

·

Updated

2022-05-13

·

CVE-2014-0424

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Java Development Kit (affected versions not specified) Java Runtime Environment (affected versions not specified) Oracle Java SE (affected versions not specified)
Description The issue is related to a vulnerability in the Java Development Kit, Java Runtime Environment, and Oracle Java SE, specifically with the Deployment subcomponent. This vulnerability allows a remote attacker to compromise the confidentiality and integrity of data. The vulnerability can also affect the availability of data.
Recommendations For Java Development Kit, consider disabling the Deployment subcomponent until a patch is available. For Java Runtime Environment, restrict access to the Deployment subcomponent to minimize the risk of exploitation. For Oracle Java SE, avoid using the Deployment subcomponent in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-461

Related Identifiers

BDU:2014-00471
BDU:2014-00472
BDU:2014-00473
BDU:2014-00474
BDU:2014-00475
BDU:2014-00476
CVE-2014-0424
HPSBUX02972
HPSBUX02973
RHSA-2014:0030
RHSA-2014:0134
RHSA-2014:0135
RHSA-2014:0414
RHSA-2014:0705
RHSA-2014:0982
RHSA-2014_0030
RHSA-2014_0134
RHSA-2014_0135
RHSA-2014_0414
RHSA-2014_0705

Affected Products

Hp-Ux
Ibm Aix
Java Development Kit
Java Platform
Java Runtime Environment
Oracle Java Se
Red Hat
Suse