PT-2015-3901 · Oracle+7 · Java Se Embedded+10

Ramon De C Valle

Published

2015-01-20

Updated

2024-06-15

CVE-2014-6593

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 5.0u75, 6u85, 7u72, and 8u25 Oracle Java SE Embedded versions 7u71 and 8u6 JRockit versions 27.8.4 and 28.3.4

Description The issue affects confidentiality and integrity, allowing remote attackers to exploit it via vectors related to JSSE.

Recommendations For Oracle Java SE versions 5.0u75, 6u85, 7u72, and 8u25, update to a version that is not affected by this issue. For Oracle Java SE Embedded versions 7u71 and 8u6, update to a version that is not affected by this issue. For JRockit versions 27.8.4 and 28.3.4, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to JSSE-related functionality until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2015_0067

CESA-2015_0069

CESA-2015_0085

CVE-2014-6593

DLA-157-1

DSA-3144-1

DSA-3147-1

HPSBUX03273

HPSBUX03281

MGASA-2015-0037

OPENSUSE-SU-2015_0190-1

OPENSUSE-SU-2024:10534-1

RHSA-2015:0067

RHSA-2015:0068

RHSA-2015:0069

RHSA-2015:0079

RHSA-2015:0080

RHSA-2015:0085

RHSA-2015:0086

RHSA-2015:0133

RHSA-2015:0134

RHSA-2015:0135

RHSA-2015:0136

RHSA-2015:0263

RHSA-2015:0264

RHSA-2015_0067

RHSA-2015_0068

RHSA-2015_0069

RHSA-2015_0079

RHSA-2015_0080

RHSA-2015_0085

RHSA-2015_0086

RHSA-2015_0133

RHSA-2015_0135

RHSA-2015_0136

SUSE-SU-2015:0503-1

USN-2486-1

USN-2487-1

Affected Products

Centos

Hp-Ux

Ibm Aix

Jrockit

Java Platform

Java Se

Java Se Embedded

Red Hat

Suse

Ubuntu

Vmware Vcenter

PT-2015-3901 · Oracle+7 · Java Se Embedded+10

CVE-2014-6593

Related Identifiers

Affected Products

References · 379