CVE-2014-4216

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Vendor Advisory
http://www.securityfocus.com/bid/68562
http://secunia.com/advisories/60245
http://www.debian.org/security/2014/dsa-2980
http://www.debian.org/security/2014/dsa-2987
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201502-12.xml
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://www.securitytracker.com/id/1030577
http://secunia.com/advisories/60812
http://secunia.com/advisories/60485
http://secunia.com/advisories/60129
https://exchange.xforce.ibmcloud.com/vulnerabilities/94591
https://access.redhat.com/errata/RHSA-2014:0908
https://access.redhat.com/errata/RHSA-2014:0902
http://www.securityfocus.com/archive/1/534161/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.8.0:update5::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update60::::::
	cpe:2.3:a:oracle:jdk:1.5.0:update65::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update75::::::
	cpe:2.3:a:oracle:jre:1.5.0:update65::::::
	cpe:2.3:a:oracle:jre:1.6.0:update75::::::
	cpe:2.3:a:oracle:jre:1.8.0:update5::::::
	cpe:2.3:a:oracle:jre:1.7.0:update60::::::

Information

Published : 2014-07-16 22:10

Updated : 2022-05-13 07:57

NVD link : CVE-2014-4216

Mitre link : CVE-2014-4216

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

oracle

jdk
jre

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/68562", "name": "68562", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/60245", "name": "60245", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2014/dsa-2980", "name": "DSA-2980", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2014/dsa-2987", "name": "DSA-2987", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2014/Dec/23", "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [], "refsource": "FULLDISC"}, {"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml", "name": "GLSA-201502-12", "tags": [], "refsource": "GENTOO"}, {"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2", "name": "HPSBUX03092", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2", "name": "HPSBUX03091", "tags": [], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id/1030577", "name": "1030577", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/60812", "name": "60812", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/60485", "name": "60485", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/60129", "name": "60129", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94591", "name": "oracle-cpujul2014-cve20144216(94591)", "tags": [], "refsource": "XF"}, {"url": "https://access.redhat.com/errata/RHSA-2014:0908", "name": "RHSA-2014:0908", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2014:0902", "name": "RHSA-2014:0902", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-4216", "ASSIGNER": "secalert_us@oracle.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-07-17T05:10Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.5.0:update65:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update75:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.5.0:update65:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update75:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-05-13T14:57Z"}