PT-2014-1639 · Oracle+6 · Jrockit+9

Published

2014-10-14

Updated

2024-06-15

CVE-2014-6457

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 5.0u71, 6u81, 7u67, and 8u20 Java SE Embedded version 7u60 JRockit versions R27.8.3, and R28.3.3

Description The issue affects confidentiality and integrity via vectors related to the JSSE component, allowing remote attackers to exploit it.

Recommendations For Oracle Java SE versions 5.0u71, 6u81, 7u67, and 8u20, update to a version that includes the fix for this issue. For Java SE Embedded version 7u60, update to a version that includes the fix for this issue. For JRockit versions R27.8.3, and R28.3.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-00557

BDU:2015-00591

CESA-2014_1620

CESA-2014_1634

CESA-2014_1636

CVE-2014-6457

DLA-96-1

DSA-3077-1

DSA-3080-1

HPSBUX03218

MGASA-2014-0422

OPENSUSE-SU-2024:10534-1

RHSA-2014:1620

RHSA-2014:1633

RHSA-2014:1634

RHSA-2014:1636

RHSA-2014:1657

RHSA-2014:1658

RHSA-2014:1876

RHSA-2014:1877

RHSA-2014:1880

RHSA-2014:1881

RHSA-2014:1882

RHSA-2014_1620

RHSA-2014_1633

RHSA-2014_1634

RHSA-2014_1636

RHSA-2014_1657

RHSA-2014_1658

RHSA-2014_1877

RHSA-2014_1880

RHSA-2014_1881

RHSA-2014_1882

RHSA-2015:0264

SUSE-SU-2014_1422-1

USN-2386-1

USN-2388-1

USN-2388-2

Affected Products

Centos

Hp-Ux

Ibm Aix

Jrockit

Java Platform

Java Se

Java Se Embedded

Red Hat

Suse

Ubuntu

PT-2014-1639 · Oracle+6 · Jrockit+9

CVE-2014-6457

Weakness Enumeration

Related Identifiers

Affected Products

References · 515