Vulnerabilities > CVE-2014-2401
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: NONE
- Availability impact: NONE

Summary
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 9 |
Application | | 5 |
OS | | 1 |
Nessus
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_125137.NASL
- description: JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27021
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27021
- title: Solaris 9 (sparc) : 125137-97

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_125136.NASL
- description: JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27008
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27008
- title: Solaris 8 (sparc) : 125136-97

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0412.NASL
- description: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 73608
- published: 2014-04-18
- reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/73608
- title: RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201502-12.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201502-12 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 81370
- published: 2015-02-16
- reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/81370
- title: GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_118669.NASL
- description: JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19583
- published: 2005-09-06
- reporter: This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19583
- title: Solaris 9 (x86) : 118669-86

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_118669.NASL
- description: JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15 This plugin has been deprecated and either replaced with individual 118669 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 19580
- published: 2005-09-06
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=19580
- title: Solaris 10 (x86) : 118669-86 (deprecated)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0509.NASL
- description: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412, CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running instances of IBM Java must be restarted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 74032
- published: 2014-05-16
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74032
- title: RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0509)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_125138.NASL
- description: JavaSE 6_x86: update 101 patch (equivalent. Date this patch was last updated by Sun : Jul/13/15 This plugin has been deprecated and either replaced with individual 125138 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 26995
- published: 2007-10-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=26995
- title: Solaris 10 (x86) : 125138-97 (deprecated)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_125139.NASL
- description: JavaSE 6_x86: update 101 patch (equivalent. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27034
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27034
- title: Solaris 9 (x86) : 125139-97

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_118667.NASL
- description: JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19456
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19456
- title: Solaris 8 (sparc) : 118667-86

- NASL family: Windows
- NASL id: IBM_NOTES_9_0_1_FP2.NASL
- description: The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities :
  - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963)
  - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 77812
- published: 2014-09-23
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/77812
- title: IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities

- NASL family: Windows
- NASL id: ORACLE_JAVA_CPU_APR_2014.NASL
- description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : 2D, AWT, Deployment, Hotspot, JAX-WS, JAXB, JAXP, JNDI, JavaFX, Javadoc, Libraries, Scripting, Security, Sound
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 73570
- published: 2014-04-16
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/73570
- title: Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0413.NASL
- description: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 55 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 79010
- published: 2014-11-08
- reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/79010
- title: RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_118666.NASL
- description: JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85). Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19455
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19455
- title: Solaris 8 (sparc) : 118666-86

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_125136.NASL
- description: JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27020
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27020
- title: Solaris 9 (sparc) : 125136-97

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0414.NASL
- description: Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 79011
- published: 2014-11-08
- reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/79011
- title: RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_118666.NASL
- description: JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85). Date this patch was last updated by Sun : Apr/13/15 This plugin has been deprecated and either replaced with individual 118666 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 19443
- published: 2005-08-18
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=19443
- title: Solaris 10 (sparc) : 118666-86 (deprecated)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_X86_118668.NASL
- description: JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85). Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19457
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19457
- title: Solaris 8 (x86) : 118668-86

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2014-0732-1.NASL
- description: IBM Java 5 was updated to SR 16 FP 6 to fix several bugs and security issues. Further information is available at: https://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP6 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2015-05-20
- plugin id: 83625
- published: 2015-05-20
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/83625
- title: SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2014:0732-1)

- NASL family: Misc.
- NASL id: VMWARE_VCENTER_VMSA-2014-0008.NASL
- description: The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries :
  - The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114)
  - The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050)
  - The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 77728
- published: 2014-09-17
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/77728
- title: VMware Security Updates for vCenter Server (VMSA-2014-0008)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_118668.NASL
- description: JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85). Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19461
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19461
- title: Solaris 9 (x86) : 118668-86

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_125138.NASL
- description: JavaSE 6_x86: update 101 patch (equivalent. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27033
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27033
- title: Solaris 9 (x86) : 125138-97

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_X86_125139.NASL
- description: JavaSE 6_x86: update 101 patch (equivalent. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27016
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27016
- title: Solaris 8 (x86) : 125139-97

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_118666.NASL
- description: JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85). Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19459
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19459
- title: Solaris 9 (sparc) : 118666-86

- NASL family: Windows
- NASL id: IBM_DOMINO_9_0_1_FP2.NASL
- description: The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities :
  - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963)
  - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
  - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 77811
- published: 2014-09-23
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/77811
- title: IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)

- NASL family: Misc.
- NASL id: ORACLE_JAVA_CPU_APR_2014_UNIX.NASL
- description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components : 2D, AWT, Deployment, Hotspot, JAX-WS, JAXB, JAXP, JNDI, JavaFX, Javadoc, Libraries, Scripting, Security, Sound
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 73571
- published: 2014-04-16
- reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/73571
- title: Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0486.NASL
- description: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 74005
- published: 2014-05-14
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74005
- title: RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_JAVA-1_6_0-IBM-140514.NASL
- description: IBM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs. More information can be found at: http://www.ibm.com/developerworks/java/jdk/alerts/
- last seen: 2020-06-05
- modified: 2014-06-03
- plugin id: 74284
- published: 2014-06-03
- reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/74284
- title: SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0705.NASL
- description: Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR1 release. All running instances of IBM Java must be restarted for the update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 76900
- published: 2014-07-30
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/76900
- title: RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_118667.NASL
- description: JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19460
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19460
- title: Solaris 9 (sparc) : 118667-86

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_125137.NASL
- description: JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15 This plugin has been deprecated and either replaced with individual 125137 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 26985
- published: 2007-10-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=26985
- title: Solaris 10 (sparc) : 125137-97 (deprecated)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_X86_125138.NASL
- description: JavaSE 6_x86: update 101 patch (equivalent. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27015
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27015
- title: Solaris 8 (x86) : 125138-97

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_125139.NASL
- description: JavaSE 6_x86: update 101 patch (equivalent. Date this patch was last updated by Sun : Jul/13/15 This plugin has been deprecated and either replaced with individual 125139 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 26996
- published: 2007-10-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=26996
- title: Solaris 10 (x86) : 125139-97 (deprecated)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_JAVA-1_7_0-IBM-140515.NASL
- description: IBM Java 7 was updated to version SR7, which received security and bug fixes. More information is available at: http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.html#SR7
- last seen: 2020-06-05
- modified: 2014-06-01
- plugin id: 74254
- published: 2014-06-01
- reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/74254
- title: SuSE 11.3 Security Update : IBM Java 7 (SAT Patch Number 9263)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS8_125137.NASL
- description: JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27009
- published: 2007-10-12
- reporter: This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27009
- title: Solaris 8 (sparc) : 125137-97

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0508.NASL
- description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16 release. All running instances of IBM Java must be restarted for the update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 74031
- published: 2014-05-16
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74031
- title: RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0508)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_118667.NASL
- description: JavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15 This plugin has been deprecated and either replaced with individual 118667 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 19444
- published: 2005-08-18
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=19444
- title: Solaris 10 (sparc) : 118667-86 (deprecated)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2014-0982.NASL
- description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5, and 5.6. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-0878, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) Users of Red Hat Network Satellite Server 5.4, 5.5, and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16 release. For this update to take effect, Red Hat Network Satellite Server must be restarted (
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 79039
- published: 2014-11-08
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/79039
- title: RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_118668.NASL
- description: JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85). Date this patch was last updated by Sun : Apr/13/15 This plugin has been deprecated and either replaced with individual 118668 patch-revision plugins, or deemed non-security related.
- last seen: 2019-02-21
- modified: 2018-07-30
- plugin id: 19450
- published: 2005-08-18
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=19450
- title: Solaris 10 (x86) : 118668-86 (deprecated)

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_125136.NASL
- description: JavaSE 6: update 101 patch (equivalent to.
Date this patch was last updated by Sun : Jul/13/15 This plugin has been deprecated and either replaced with individual 125136 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 26984 published 2007-10-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26984 title Solaris 10 (sparc) : 125136-97 (deprecated) NASL family Windows NASL id VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0008.NASL description The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.7.0_55. last seen 2020-06-01 modified 2020-06-02 plugin id 77727 published 2014-09-17 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77727 title VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008) NASL family Misc. NASL id DOMINO_9_0_1_FP2.NASL description According to its version, the IBM Domino (formerly IBM Lotus Domino) application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note that this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. 
(CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) last seen 2020-06-01 modified 2020-06-02 plugin id 77810 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77810 title IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check) NASL family AIX Local Security Checks NASL id AIX_JAVA_APR2014_ADVISORY.NASL description The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities : - There is an information disclosure flaw in libjpeg and libjpeg-turbo allowing remote attackers access to uninitialized memory via crafted JPEG images. (CVE-2013-6629) - A vulnerability in libpng allows denial of service attacks via a flaw in pngtran.c pngset.c. (CVE-2013-6954) - Vulnerabilities in Oracle Java allow remote code execution via flaws in 2D image handling. (CVE-2014-0429, CVE-2014-2401, CVE-2014-2421) - A vulnerability in Oracle Java allows remote code execution via a flaw in logger handling. (CVE-2014-0446) - Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-0448, CVE-2014-0449, CVE-2014-2409, CVE-2014-2420, CVE-2014-2428) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in AWT. (CVE-2014-0451, CVE-2014-2412) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in W3CEndpointReference.java. 
(CVE-2014-0452) - An information disclosure vulnerability in Oracle Java RSAPadding allows a remote attacker to view timing information protected by encryption. (CVE-2014-0452) - A vulnerability in Oracle Java allows a remote attacker to modify the SIGNATURE_PRIMITIVE_SET through flaws in SignatureAndHalshAlgorithm and AlgorithmChecker. (CVE-2014-0454) - A vulnerability in Oracle Java allows remote code execution via a flaw in MethodHandles.java. (CVE-2014-0455) - A vulnerability in Oracle Java allows remote code execution via a flaw in exception handling. (CVE-2014-0457) - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAX-WS. (CVE-2014-0458, CVE-2014-2423) - An unspecified vulnerability exists in Oracle Java via sandboxed applications. (CVE-2014-0459) - A vulnerability in Oracle Java allows remote attackers to conduct spoofing attacks via a flaw in the DnsClient component. (CVE-2014-0460) - A vulnerability in Oracle Java allows remote code execution via a flaw in ScriptEngineManager.java. (CVE-2014-0461) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in the random number generation of cryptographic protection. (CVE-2014-0878) - A privilege escalation vulnerability in Oracle Java allows remote attacks to overwrite arbitrary files via a flaw in unpack200. (CVE-2014-1876) - A vulnerability in Oracle Java allows remote code execution via a flaw in Javadoc. (CVE-2014-2398) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in asynchronous channel handling across threads. (CVE-2014-2402) - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAXB. (CVE-2014-2414) - A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in Java sound libraries. 
(CVE-2014-2427) last seen 2020-06-01 modified 2020-06-02 plugin id 76870 published 2014-07-28 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76870 title AIX Java Advisory : java_apr2014_advisory.asc NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_118669.NASL description JavaSE 5.0_x86: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 19582 published 2005-09-06 reporter This script is Copyright (C) 2005-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19582 title Solaris 8 (x86) : 118669-86
The Hacker News
id | THN:F163E519BC7D66DC74B0794EF8746E50 |
last seen | 2018-01-27 |
modified | 2014-04-17 |
published | 2014-04-16 |
reporter | Wang Wei |
source | https://thehackernews.com/2014/04/oracle-releases-critical-update-to.html |
title | Oracle releases Critical Update to Patch 104 Vulnerabilities |
References
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/66911
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://secunia.com/advisories/59058
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- http://secunia.com/advisories/58974
- https://www.ibm.com/support/docview.wss?uid=swg21675973
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- https://access.redhat.com/errata/RHSA-2014:0414
- https://access.redhat.com/errata/RHSA-2014:0413