PT-2014-1640 · Oracle+6 · Jrockit+9

Published

2014-10-14

·

Updated

2024-06-15

·

CVE-2014-6512

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 5.0u71, 6u81, 7u67, and 8u20 Java SE Embedded version 7u60 JRockit versions R27.8.3 and R28.3.3
Description The issue allows a remote attacker to compromise data integrity using the Libraries subcomponent. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include unknown vectors related to Libraries.
Recommendations For Java SE versions 5.0u71, 6u81, 7u67, and 8u20, update to a version that is not affected by this issue. For Java SE Embedded version 7u60, update to a version that is not affected by this issue. For JRockit versions R27.8.3 and R28.3.3, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the Libraries subcomponent until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2015-00558
BDU:2015-00592
CESA-2014_1620
CESA-2014_1634
CESA-2014_1636
CVE-2014-6512
DLA-96-1
DSA-3077-1
DSA-3080-1
HPSBUX03218
MGASA-2014-0422
OPENSUSE-SU-2024:10534-1
RHSA-2014:1620
RHSA-2014:1633
RHSA-2014:1634
RHSA-2014:1636
RHSA-2014:1657
RHSA-2014:1658
RHSA-2014:1876
RHSA-2014:1877
RHSA-2014:1880
RHSA-2014:1881
RHSA-2014:1882
RHSA-2014_1620
RHSA-2014_1633
RHSA-2014_1634
RHSA-2014_1636
RHSA-2014_1657
RHSA-2014_1658
RHSA-2014_1877
RHSA-2014_1880
RHSA-2014_1881
RHSA-2014_1882
RHSA-2015:0264
USN-2386-1
USN-2388-1
USN-2388-2

Affected Products

Centos
Hp-Ux
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu