PT-2014-5059 · Ibm+2 · Java Runtime Environment+3
Published
2014-10-26
·
Updated
2015-03-18
·
CVE-2014-3065
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM Java Runtime Environment (JRE) versions 7.0.0 through 7.1.2.0
IBM Java Runtime Environment (JRE) versions 7.0.0 through 7.0.8.0
IBM Java Runtime Environment (JRE) versions 6.0.0 through 6.1.8.2
IBM Java Runtime Environment (JRE) versions 6.0.0 through 6.0.16.2
IBM Java Runtime Environment (JRE) versions 5.0.0 through 5.0.16.8
Description
The issue allows local users to execute arbitrary code via vectors related to the shared classes cache. It is also related to the POODLE SSLv3 vulnerability and an additional unspecified vulnerability.
Recommendations
For versions 7.0.0 through 7.1.2.0, update to a version after 7.1.2.0.
For versions 7.0.0 through 7.0.8.0, update to a version after 7.0.8.0.
For versions 6.0.0 through 6.1.8.2, update to a version after 6.1.8.2.
For versions 6.0.0 through 6.0.16.2, update to a version after 6.0.16.2.
For versions 5.0.0 through 5.0.16.8, update to a version after 5.0.16.8.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Aix
Java Runtime Environment
Red Hat
Suse