CVE-2014-2413

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.

References

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://rhn.redhat.com/errata/RHSA-2014-0675.html

http://security.gentoo.org/glsa/glsa-201502-12.xml

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

http://www.securityfocus.com/bid/66917

http://www.ubuntu.com/usn/USN-2187-1

https://access.redhat.com/errata/RHSA-2014:0413

Details

Source: MITRE

Published: 2014-04-16

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
81370GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
80046openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)NessusSuSE Local Security Checks
critical
80045openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)NessusSuSE Local Security Checks
critical
79010RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0413)NessusRed Hat Local Security Checks
critical
77728VMware Security Updates for vCenter Server (VMSA-2014-0008)NessusMisc.
critical
77727VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)NessusWindows
critical
76889RHEL 7 : java-1.7.0-openjdk (RHSA-2014:0675)NessusRed Hat Local Security Checks
critical
76727Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2014-0675)NessusOracle Linux Local Security Checks
critical
74078Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:100)NessusMandriva Local Security Checks
critical
74007SuSE 11.3 Security Update : OpenJDK (SAT Patch Number 9209)NessusSuSE Local Security Checks
critical
73868Debian DSA-2923-1 : openjdk-7 - security updateNessusDebian Local Security Checks
critical
73801Ubuntu 12.10 / 13.10 / 14.04 LTS : openjdk-7 vulnerabilities (USN-2187-1)NessusUbuntu Local Security Checks
critical
73655Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-327)NessusAmazon Linux Local Security Checks
critical
73608RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)NessusRed Hat Local Security Checks
critical
73605Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0407)NessusOracle Linux Local Security Checks
critical
73590Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140416)NessusScientific Linux Local Security Checks
critical
73589Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140416)NessusScientific Linux Local Security Checks
critical
73586RHEL 5 : java-1.7.0-openjdk (RHSA-2014:0407)NessusRed Hat Local Security Checks
critical
73585RHEL 6 : java-1.7.0-openjdk (RHSA-2014:0406)NessusRed Hat Local Security Checks
critical
73583Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2014-0406)NessusOracle Linux Local Security Checks
critical
73579CentOS 5 : java-1.7.0-openjdk (CESA-2014:0407)NessusCentOS Local Security Checks
critical
73578CentOS 6 : java-1.7.0-openjdk (CESA-2014:0406)NessusCentOS Local Security Checks
critical
73571Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix)NessusMisc.
critical
73570Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)NessusWindows
critical