PT-2014-1274 · Oracle+6 · Java Se Embedded+9

Published

2014-04-15

·

Updated

2024-06-15

·

CVE-2014-0429

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions JRockit versions R27.8.1 through R28.3.1 Java SE versions 5.0u61 through 8 Java SE Embedded version 7u51
Description The issue allows a remote attacker to compromise the confidentiality and integrity of data using the 2D subcomponent. This can be achieved through unknown vectors related to the 2D subcomponent, potentially affecting the availability of the system.
Recommendations For JRockit versions R27.8.1 through R28.3.1, consider disabling the 2D subcomponent as a temporary workaround until a patch is available. For Java SE versions 5.0u61 through 8, restrict access to the 2D subcomponent to minimize the risk of exploitation. For Java SE Embedded version 7u51, avoid using the 2D subcomponent in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-461

Related Identifiers

BDU:2015-00031
BDU:2015-00032
BDU:2015-00033
CESA-2014_0406
CESA-2014_0408
CVE-2014-0429
DSA-2912-1
DSA-2923-1
HPSBUX03092
MGASA-2014-0189
OPENSUSE-SU-2024:10534-1
RHSA-2014:0406
RHSA-2014:0407
RHSA-2014:0408
RHSA-2014:0412
RHSA-2014:0413
RHSA-2014:0414
RHSA-2014:0486
RHSA-2014:0508
RHSA-2014:0509
RHSA-2014:0675
RHSA-2014:0685
RHSA-2014:0705
RHSA-2014:0982
RHSA-2014_0406
RHSA-2014_0407
RHSA-2014_0408
RHSA-2014_0412
RHSA-2014_0413
RHSA-2014_0414
RHSA-2014_0486
RHSA-2014_0508
RHSA-2014_0509
RHSA-2014_0675
RHSA-2014_0685
RHSA-2014_0705
USN-2187-1
USN-2191-1

Affected Products

Centos
Hp-Ux
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu