PT-2014-5061 · Ibm+1 · Java Runtime Environment+1

Published

2014-08-07

·

Updated

2017-08-29

·

CVE-2014-3068

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM Java Runtime Environment (JRE) versions 5.0 through 5.0.16.6 IBM Java Runtime Environment (JRE) versions 6.0 through 6.0.16.0 IBM Java Runtime Environment (JRE) versions 6.1 through 6.1.8.0 IBM Java Runtime Environment (JRE) versions 7.0 through 7.0.7.0 IBM Java Runtime Environment (JRE) versions 7.1 through 7.1.1.0
Description The issue allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
Recommendations For IBM Java Runtime Environment (JRE) versions 5.0 through 5.0.16.6, update to version 5.0.16.7 or later. For IBM Java Runtime Environment (JRE) versions 6.0 through 6.0.16.0, update to version 6.0.16.1 or later. For IBM Java Runtime Environment (JRE) versions 6.1 through 6.1.8.0, update to version 6.1.8.1 or later. For IBM Java Runtime Environment (JRE) versions 7.0 through 7.0.7.0, update to version 7.0.7.1 or later. For IBM Java Runtime Environment (JRE) versions 7.1 through 7.1.1.0, update to version 7.1.1.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2014-3068
RHSA-2014:1033
RHSA-2014:1036
RHSA-2014:1041
RHSA-2014:1042
RHSA-2014_1033
RHSA-2014_1036
RHSA-2014_1041
RHSA-2014_1042
RHSA-2015:0264

Affected Products

Java Runtime Environment
Red Hat