CVE-2014-3065

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.

References

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

http://rhn.redhat.com/errata/RHSA-2014-1876.html

http://rhn.redhat.com/errata/RHSA-2014-1877.html

http://rhn.redhat.com/errata/RHSA-2014-1880.html

http://rhn.redhat.com/errata/RHSA-2014-1881.html

http://rhn.redhat.com/errata/RHSA-2014-1882.html

http://rhn.redhat.com/errata/RHSA-2015-0264.html

http://www.securityfocus.com/bid/71147

http://www-01.ibm.com/support/docview.wss?uid=swg1IV66044

http://www-01.ibm.com/support/docview.wss?uid=swg1IV66045

http://www-01.ibm.com/support/docview.wss?uid=swg21688283

https://bugzilla.redhat.com/show_bug.cgi?id=1162554

Details

Source: MITRE

Published: 2014-12-02

Updated: 2015-03-18

Type: CWE-94

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.5.0:*:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
119959SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2014:1541-1) (POODLE)NessusSuSE Local Security Checks
low
81505RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE)NessusRed Hat Local Security Checks
low
79635SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9999)NessusSuSE Local Security Checks
critical
79634SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9992)NessusSuSE Local Security Checks
critical
79626AIX Java Advisory : java_oct2014_advisory.asc (POODLE)NessusAIX Local Security Checks
critical
79379RHEL 6 : java-1.7.0-ibm (RHSA-2014:1882) (POODLE)NessusRed Hat Local Security Checks
low
79378RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)NessusRed Hat Local Security Checks
low
79377RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2014:1880) (POODLE)NessusRed Hat Local Security Checks
low
79352RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1877) (POODLE)NessusRed Hat Local Security Checks
low
79351RHEL 5 : java-1.7.0-ibm (RHSA-2014:1876) (POODLE)NessusRed Hat Local Security Checks
medium