PT-2014-1638 · Oracle+5 · Jrockit+8

Published

2014-10-14

Updated

2024-06-15

CVE-2014-6517

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Java SE versions 6u81, 7u67, and 8u20 Java SE Embedded version 7u60 Jrockit versions R27.8.3 and R28.3.3

Description The issue allows a remote attacker to compromise data confidentiality using the JAXP subcomponent.

Recommendations For Java SE versions 6u81, 7u67, and 8u20, update to a version that fixes this issue. For Java SE Embedded version 7u60, update to a version that fixes this issue. For Jrockit versions R27.8.3 and R28.3.3, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the JAXP subcomponent until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-00556

CESA-2014_1620

CESA-2014_1634

CESA-2014_1636

CVE-2014-6517

DLA-96-1

DSA-3077-1

DSA-3080-1

HPSBUX03218

MGASA-2014-0422

OPENSUSE-SU-2024:10534-1

RHSA-2014:1620

RHSA-2014:1633

RHSA-2014:1634

RHSA-2014:1636

RHSA-2014:1657

RHSA-2014:1658

RHSA-2014_1620

RHSA-2014_1633

RHSA-2014_1634

RHSA-2014_1636

RHSA-2014_1657

RHSA-2014_1658

USN-2386-1

USN-2388-1

USN-2388-2

Affected Products

Centos

Hp-Ux

Java Platform

Java Se

Java Se Embedded

Jrockit

Red Hat

Suse

Ubuntu

PT-2014-1638 · Oracle+5 · Jrockit+8

CVE-2014-6517

Weakness Enumeration

Related Identifiers

Affected Products

References · 475