CVE-2014-4218

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.

References

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://marc.info/?l=bugtraq&m=140852974709252&w=2

http://rhn.redhat.com/errata/RHSA-2015-0264.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/59404

http://secunia.com/advisories/59680

http://secunia.com/advisories/59924

http://secunia.com/advisories/59985

http://secunia.com/advisories/59986

http://secunia.com/advisories/59987

http://secunia.com/advisories/60081

http://secunia.com/advisories/60129

http://secunia.com/advisories/60245

http://secunia.com/advisories/60317

http://secunia.com/advisories/60485

http://secunia.com/advisories/60622

http://secunia.com/advisories/60812

http://secunia.com/advisories/60817

http://secunia.com/advisories/61577

http://secunia.com/advisories/61640

http://security.gentoo.org/glsa/glsa-201502-12.xml

http://www.debian.org/security/2014/dsa-2980

http://www.debian.org/security/2014/dsa-2987

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/68583

http://www.securitytracker.com/id/1030577

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=swg21680334

http://www-01.ibm.com/support/docview.wss?uid=swg21686383

http://www-01.ibm.com/support/docview.wss?uid=swg21686824

https://access.redhat.com/errata/RHSA-2014:0902

https://access.redhat.com/errata/RHSA-2014:0908

https://exchange.xforce.ibmcloud.com/vulnerabilities/94599

Details

Source: MITRE

Published: 2014-07-17

Updated: 2020-09-08

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.5.0:update_65:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update60:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.5.0:update_65:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

IDNameProductFamilySeverity
82241Debian DLA-96-1 : openjdk-6 security updateNessusDebian Local Security Checks
high
81505RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE)NessusRed Hat Local Security Checks
critical
81370GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
80046openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)NessusSuSE Local Security Checks
critical
80045openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)NessusSuSE Local Security Checks
critical
79865VMware Security Updates for vCenter Server (VMSA-2014-0012)NessusMisc.
critical
79864VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)NessusWindows
critical
79109RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2014:0908)NessusRed Hat Local Security Checks
critical
79036RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2014:0902)NessusRed Hat Local Security Checks
critical
78330Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-387)NessusAmazon Linux Local Security Checks
high
78326Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)NessusAmazon Linux Local Security Checks
high
77724Ubuntu 14.04 LTS : openjdk-7 update (USN-2319-3)NessusUbuntu Local Security Checks
high
77387Ubuntu 14.04 LTS : openjdk-7 regression (USN-2319-2)NessusUbuntu Local Security Checks
high
77333AIX Java Advisory : java_jul2014_advisory.ascNessusAIX Local Security Checks
critical
77319SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9615)NessusSuSE Local Security Checks
critical
77282Puppet Enterprise 3.3.0 Bundled Oracle Java VulnerabilitiesNessusCGI abuses
critical
77274Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-2319-1)NessusUbuntu Local Security Checks
high
77273SuSE 11.3 Security Update : IBM Java 1.7.0 (SAT Patch Number 9616)NessusSuSE Local Security Checks
critical
77181Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2312-1)NessusUbuntu Local Security Checks
high
77143RHEL 7 : java-1.7.1-ibm (RHSA-2014:1042)NessusRed Hat Local Security Checks
critical
77142RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:1041)NessusRed Hat Local Security Checks
critical
77083RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1036)NessusRed Hat Local Security Checks
high
77081RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1033)NessusRed Hat Local Security Checks
critical
76998SuSE 11.3 Security Update : openjdk (SAT Patch Number 9543)NessusSuSE Local Security Checks
critical
76887Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:141)NessusMandriva Local Security Checks
high
76842Debian DSA-2987-1 : openjdk-7 - security updateNessusDebian Local Security Checks
high
8332Oracle Java Update (July 2014) Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
76689Debian DSA-2980-1 : openjdk-6 - security updateNessusDebian Local Security Checks
high
76681Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/srpm/x86_64 (20140721)NessusScientific Linux Local Security Checks
high
76680RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2014:0907)NessusRed Hat Local Security Checks
high
76631Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2014-0907)NessusOracle Linux Local Security Checks
high
76623CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:0907)NessusCentOS Local Security Checks
high
76552Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20140716)NessusScientific Linux Local Security Checks
high
76551Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140716)NessusScientific Linux Local Security Checks
high
76548Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0890)NessusOracle Linux Local Security Checks
high
76547Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2014-0889)NessusOracle Linux Local Security Checks
high
76538CentOS 5 : java-1.7.0-openjdk (CESA-2014:0890)NessusCentOS Local Security Checks
high
76537CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2014:0889)NessusCentOS Local Security Checks
high
76533Oracle Java SE Multiple Vulnerabilities (July 2014 CPU) (Unix)NessusMisc.
critical
76532Oracle Java SE Multiple Vulnerabilities (July 2014 CPU)NessusWindows
critical
76516RHEL 5 : java-1.7.0-openjdk (RHSA-2014:0890)NessusRed Hat Local Security Checks
high
76515RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:0889)NessusRed Hat Local Security Checks
high