CVE-2014-6601

HIGH

Description

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

References

http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html

http://marc.info/?l=bugtraq&m=142496355704097&w=2

http://marc.info/?l=bugtraq&m=142607790919348&w=2

http://rhn.redhat.com/errata/RHSA-2015-0068.html

http://rhn.redhat.com/errata/RHSA-2015-0079.html

http://rhn.redhat.com/errata/RHSA-2015-0080.html

http://rhn.redhat.com/errata/RHSA-2015-0085.html

http://rhn.redhat.com/errata/RHSA-2015-0086.html

http://www.debian.org/security/2015/dsa-3144

http://www.debian.org/security/2015/dsa-3147

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.securityfocus.com/bid/72132

http://www.securitytracker.com/id/1031580

http://www.ubuntu.com/usn/USN-2486-1

http://www.ubuntu.com/usn/USN-2487-1

http://www.vmware.com/security/advisories/VMSA-2015-0003.html

https://security.gentoo.org/glsa/201507-14

https://security.gentoo.org/glsa/201603-14

Details

Source: MITRE

Published: 2015-01-21

Updated: 2019-04-22

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:oracle:jdk:1.6.0:update_85:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update_72:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_85:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_72:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_25:*:*:*:*:*:*

Tenable Plugins

View all (45 total)

ID	Name	Product	Family	Severity
700649	Oracle Java SE 5 < Update 81 / 6 < Update 91 / 7 < Update 75 / 8 < Update 31 Multiple Vulnerabilities (January 2015 CPU) (POODLE)	Nessus Network Monitor	Web Clients	critical
89907	GLSA-201603-14 : IcedTea: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
84719	GLSA-201507-14 : Oracle JRE/JDK: Multiple vulnerabilities (POODLE)	Nessus	Gentoo Local Security Checks	critical
83699	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:0503-1) (POODLE)	Nessus	SuSE Local Security Checks	critical
83186	VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)	Nessus	Misc.	critical
82899	VMware vCenter Chargeback Manager Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)	Nessus	Windows	critical
82742	VMware Workspace Portal Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)	Nessus	Misc.	critical
82741	VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)	Nessus	Windows	critical
82707	VMware vCenter Operations Management Windows JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)	Nessus	Misc.	critical
82706	VMware vCenter Operations Management vApp JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)	Nessus	Misc.	critical
82705	VMware vCenter Operations Management Linux JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)	Nessus	Misc.	critical
82684	Mandriva Linux Security Advisory : java-1.8.0-openjdk (MDVSA-2015:198)	Nessus	Mandriva Local Security Checks	critical
82140	Debian DLA-157-1 : openjdk-6 security update (POODLE)	Nessus	Debian Local Security Checks	critical
81419	SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10286)	Nessus	SuSE Local Security Checks	critical
81326	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-480) (POODLE)	Nessus	Amazon Linux Local Security Checks	critical
8899	Oracle Java SE 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
81233	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2015:033)	Nessus	Mandriva Local Security Checks	critical
81141	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2015:0190-1) (POODLE)	Nessus	SuSE Local Security Checks	critical
81111	Debian DSA-3147-1 : openjdk-6 - security update (POODLE)	Nessus	Debian Local Security Checks	critical
81090	Debian DSA-3144-1 : openjdk-7 - security update (POODLE)	Nessus	Debian Local Security Checks	critical
81045	Ubuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2487-1) (POODLE)	Nessus	Ubuntu Local Security Checks	critical
81043	Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2486-1) (POODLE)	Nessus	Ubuntu Local Security Checks	critical
81015	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20150126) (POODLE)	Nessus	Scientific Linux Local Security Checks	critical
81014	RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0086) (POODLE)	Nessus	Red Hat Local Security Checks	critical
81013	RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0085) (POODLE)	Nessus	Red Hat Local Security Checks	critical
81011	Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0085) (POODLE)	Nessus	Oracle Linux Local Security Checks	critical
81005	CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0085) (POODLE)	Nessus	CentOS Local Security Checks	critical
80932	RHEL 6 : java-1.8.0-oracle (RHSA-2015:0080) (POODLE)	Nessus	Red Hat Local Security Checks	critical
80931	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0079) (POODLE)	Nessus	Red Hat Local Security Checks	critical
80922	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-472) (POODLE)	Nessus	Amazon Linux Local Security Checks	critical
80921	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-471) (POODLE)	Nessus	Amazon Linux Local Security Checks	critical
80908	Oracle Java SE Multiple Vulnerabilities (January 2015 CPU) (POODLE)	Nessus	Windows	critical
80907	Oracle Java SE Multiple Vulnerabilities (January 2015 CPU) (Unix) (POODLE)	Nessus	Misc.	critical
80904	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20150121) (POODLE)	Nessus	Scientific Linux Local Security Checks	critical
80903	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20150121) (POODLE)	Nessus	Scientific Linux Local Security Checks	critical
80902	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150121) (POODLE)	Nessus	Scientific Linux Local Security Checks	critical
80901	Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2015-0069) (POODLE)	Nessus	Oracle Linux Local Security Checks	critical
80900	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0068) (POODLE)	Nessus	Oracle Linux Local Security Checks	critical
80899	Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-0067) (POODLE)	Nessus	Oracle Linux Local Security Checks	critical
80882	RHEL 6 : java-1.8.0-openjdk (RHSA-2015:0069) (POODLE)	Nessus	Red Hat Local Security Checks	critical
80881	RHEL 5 : java-1.7.0-openjdk (RHSA-2015:0068) (POODLE)	Nessus	Red Hat Local Security Checks	critical
80880	RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:0067) (POODLE)	Nessus	Red Hat Local Security Checks	critical
80870	CentOS 6 : java-1.8.0-openjdk (CESA-2015:0069) (POODLE)	Nessus	CentOS Local Security Checks	critical
80869	CentOS 5 : java-1.7.0-openjdk (CESA-2015:0068) (POODLE)	Nessus	CentOS Local Security Checks	critical
80868	CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0067) (POODLE)	Nessus	CentOS Local Security Checks	critical