CVE-2014-2490

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Vendor Advisory
http://www.debian.org/security/2014/dsa-2980	Third Party Advisory
http://www.debian.org/security/2014/dsa-2987	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List Third Party Advisory
http://security.gentoo.org/glsa/glsa-201502-12.xml	Third Party Advisory
http://marc.info/?l=bugtraq&m=140852886808946&w=2	Third Party Advisory
http://www.securitytracker.com/id/1030577
http://www.securityfocus.com/bid/68645
http://secunia.com/advisories/60812
http://secunia.com/advisories/60485
http://secunia.com/advisories/60129
https://access.redhat.com/errata/RHSA-2014:0902
http://www.securityfocus.com/archive/1/534161/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:hp:hp-ux:b.11.31:::::::*
	cpe:2.3:o:hp:hp-ux:b.11.23:::::::*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:oracle:jdk:1.8.0:update5::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update60::::::
	cpe:2.3:a:oracle:jre:1.8.0:update5::::::
	cpe:2.3:a:oracle:jre:1.7.0:update60::::::

Information

Published : 2014-07-16 22:10

Updated : 2022-05-13 07:57

NVD link : CVE-2014-2490

Mitre link : CVE-2014-2490

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

debian

debian_linux

oracle

hp-ux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2014/dsa-2980", "name": "DSA-2980", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2014/dsa-2987", "name": "DSA-2987", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2014/Dec/23", "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml", "name": "GLSA-201502-12", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2", "name": "HPSBUX03091", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id/1030577", "name": "1030577", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/68645", "name": "68645", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/60812", "name": "60812", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/60485", "name": "60485", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/60129", "name": "60129", "tags": [], "refsource": "SECUNIA"}, {"url": "https://access.redhat.com/errata/RHSA-2014:0902", "name": "RHSA-2014:0902", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-2490", "ASSIGNER": "secalert_us@oracle.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-07-17T05:10Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-05-13T14:57Z"}

9.3 /10