CVE-2014-3068

medium
Description

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

References

http://rhn.redhat.com/errata/RHSA-2015-0264.html

http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876

http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894

http://www-01.ibm.com/support/docview.wss?uid=swg21691089

https://bugzilla.redhat.com/show_bug.cgi?id=1164201

https://exchange.xforce.ibmcloud.com/vulnerabilities/93756

Details

Source: MITRE

Published: 2014-12-02

Updated: 2017-08-29

Type: CWE-255

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:5.0.16.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:6.0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:java:7.0.5.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 81505 | RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE) | Nessus | Red Hat Local Security Checks | low |
| 77143 | RHEL 7 : java-1.7.1-ibm (RHSA-2014:1042) | Nessus | Red Hat Local Security Checks | critical |
| 77142 | RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:1041) | Nessus | Red Hat Local Security Checks | critical |
| 77083 | RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1036) | Nessus | Red Hat Local Security Checks | high |
| 77081 | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1033) | Nessus | Red Hat Local Security Checks | critical |