CVE-2014-2397

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Vendor Advisory
http://www.debian.org/security/2014/dsa-2912	Third Party Advisory
http://www.ubuntu.com/usn/USN-2191-1	Third Party Advisory
http://secunia.com/advisories/58415	Third Party Advisory
http://www.ubuntu.com/usn/USN-2187-1	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201502-12.xml	Third Party Advisory
http://marc.info/?l=bugtraq&m=140852886808946&w=2	Issue Tracking Mailing List Third Party Advisory
http://www.securityfocus.com/bid/66893	Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2014-0685.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0675.html	Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0413	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:jdk:1.7.0:update51::::::
	cpe:2.3:a:oracle:jre:1.7.0:update51::::::
	cpe:2.3:a:oracle:jdk:1.8.0:-::::::
	cpe:2.3:a:oracle:jre:1.8.0:-::::::

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Information

Published : 2014-04-15 18:55

Updated : 2022-05-13 07:57

NVD link : CVE-2014-2397

Mitre link : CVE-2014-2397

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

debian

debian_linux

canonical

ubuntu_linux

oracle

jdk
jre

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2014/dsa-2912", "name": "DSA-2912", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/USN-2191-1", "name": "USN-2191-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/58415", "name": "58415", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/USN-2187-1", "name": "USN-2187-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "name": "GLSA-201406-32", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml", "name": "GLSA-201502-12", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2", "name": "SSRT101667", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.securityfocus.com/bid/66893", "name": "66893", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html", "name": "RHSA-2014:0685", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html", "name": "RHSA-2014:0675", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2014:0413", "name": "RHSA-2014:0413", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-2397", "ASSIGNER": "secalert_us@oracle.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-04-16T01:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-05-13T14:57Z"}