CVE-2014-4218

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.

References

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://marc.info/?l=bugtraq&m=140852974709252&w=2

http://rhn.redhat.com/errata/RHSA-2015-0264.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/59404

http://secunia.com/advisories/59680

http://secunia.com/advisories/59924

http://secunia.com/advisories/59985

http://secunia.com/advisories/59986

http://secunia.com/advisories/59987

http://secunia.com/advisories/60081

http://secunia.com/advisories/60129

http://secunia.com/advisories/60245

http://secunia.com/advisories/60317

http://secunia.com/advisories/60485

http://secunia.com/advisories/60622

http://secunia.com/advisories/60812

http://secunia.com/advisories/60817

http://secunia.com/advisories/61577

http://secunia.com/advisories/61640

http://security.gentoo.org/glsa/glsa-201502-12.xml

http://www-01.ibm.com/support/docview.wss?uid=swg21680334

http://www-01.ibm.com/support/docview.wss?uid=swg21686383

http://www-01.ibm.com/support/docview.wss?uid=swg21686824

http://www.debian.org/security/2014/dsa-2980

http://www.debian.org/security/2014/dsa-2987

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/68583

http://www.securitytracker.com/id/1030577

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

https://access.redhat.com/errata/RHSA-2014:0902

https://access.redhat.com/errata/RHSA-2014:0908

https://exchange.xforce.ibmcloud.com/vulnerabilities/94599

Details

Source: MITRE

Published: 2014-07-17

Updated: 2018-10-09

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.5.0:update_65:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.5.0:update_65:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_75:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

ID	Name	Product	Family	Severity
82241	Debian DLA-96-1 : openjdk-6 security update	Nessus	Debian Local Security Checks	high
81505	RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE)	Nessus	Red Hat Local Security Checks	critical
81370	GLSA-201502-12 : Oracle JRE/JDK: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
80046	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)	Nessus	SuSE Local Security Checks	critical
80045	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1645-1)	Nessus	SuSE Local Security Checks	critical
79865	VMware Security Updates for vCenter Server (VMSA-2014-0012)	Nessus	Misc.	critical
79864	VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)	Nessus	Windows	critical
79109	RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2014:0908)	Nessus	Red Hat Local Security Checks	critical
79036	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2014:0902)	Nessus	Red Hat Local Security Checks	critical
78330	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-387)	Nessus	Amazon Linux Local Security Checks	high
78326	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-383)	Nessus	Amazon Linux Local Security Checks	high
77724	Ubuntu 14.04 LTS : openjdk-7 update (USN-2319-3)	Nessus	Ubuntu Local Security Checks	high
77387	Ubuntu 14.04 LTS : openjdk-7 regression (USN-2319-2)	Nessus	Ubuntu Local Security Checks	high
77333	AIX Java Advisory : java_jul2014_advisory.asc	Nessus	AIX Local Security Checks	critical
77319	SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9615)	Nessus	SuSE Local Security Checks	critical
77282	Puppet Enterprise 3.3.0 Bundled Oracle Java Vulnerabilities	Nessus	CGI abuses	critical
77274	Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-2319-1)	Nessus	Ubuntu Local Security Checks	high
77273	SuSE 11.3 Security Update : IBM Java 1.7.0 (SAT Patch Number 9616)	Nessus	SuSE Local Security Checks	critical
77181	Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2312-1)	Nessus	Ubuntu Local Security Checks	high
77143	RHEL 7 : java-1.7.1-ibm (RHSA-2014:1042)	Nessus	Red Hat Local Security Checks	critical
77142	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:1041)	Nessus	Red Hat Local Security Checks	critical
77083	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1036)	Nessus	Red Hat Local Security Checks	high
77081	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1033)	Nessus	Red Hat Local Security Checks	critical
76998	SuSE 11.3 Security Update : openjdk (SAT Patch Number 9543)	Nessus	SuSE Local Security Checks	critical
76887	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:141)	Nessus	Mandriva Local Security Checks	high
76842	Debian DSA-2987-1 : openjdk-7 - security update	Nessus	Debian Local Security Checks	high
76689	Debian DSA-2980-1 : openjdk-6 - security update	Nessus	Debian Local Security Checks	high
8332	Oracle Java Update (July 2014) Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
76681	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/srpm/x86_64	Nessus	Scientific Linux Local Security Checks	high
76680	RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2014:0907)	Nessus	Red Hat Local Security Checks	high
76631	Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2014-0907)	Nessus	Oracle Linux Local Security Checks	high
76623	CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:0907)	Nessus	CentOS Local Security Checks	high
76552	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
76551	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
76548	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2014-0890)	Nessus	Oracle Linux Local Security Checks	high
76547	Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2014-0889)	Nessus	Oracle Linux Local Security Checks	high
76538	CentOS 5 : java-1.7.0-openjdk (CESA-2014:0890)	Nessus	CentOS Local Security Checks	high
76537	CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2014:0889)	Nessus	CentOS Local Security Checks	high
76533	Oracle Java SE Multiple Vulnerabilities (July 2014 CPU) (Unix)	Nessus	Misc.	critical
76532	Oracle Java SE Multiple Vulnerabilities (July 2014 CPU)	Nessus	Windows	critical
76516	RHEL 5 : java-1.7.0-openjdk (RHSA-2014:0890)	Nessus	Red Hat Local Security Checks	high
76515	RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:0889)	Nessus	Red Hat Local Security Checks	high