Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 6.5
Synopsis
The remote AIX host has a version of Java SDK installed that is potentially affected by multiple vulnerabilities.
Description
The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities:
- There is an information disclosure flaw in libjpeg and libjpeg-turbo allowing remote attackers access to uninitialized memory via crafted JPEG images. (CVE-2013-6629)
- A vulnerability in libpng allows denial of service attacks via a flaw in pngrtran.c and pngset.c. (CVE-2013-6954)
- Vulnerabilities in Oracle Java allow remote code execution via flaws in 2D image handling. (CVE-2014-0429, CVE-2014-2401, CVE-2014-2421)
- A vulnerability in Oracle Java allows remote code execution via a flaw in logger handling. (CVE-2014-0446)
- Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-0448, CVE-2014-0449, CVE-2014-2409, CVE-2014-2420, CVE-2014-2428)
- A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in AWT. (CVE-2014-0451, CVE-2014-2412)
- A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in W3CEndpointReference.java. (CVE-2014-0452)
- An information disclosure vulnerability in Oracle Java RSAPadding allows a remote attacker to view timing information protected by encryption. (CVE-2014-0452)
- A vulnerability in Oracle Java allows a remote attacker to modify the SIGNATURE_PRIMITIVE_SET through flaws in SignatureAndHashAlgorithm and AlgorithmChecker. (CVE-2014-0454)
- A vulnerability in Oracle Java allows remote code execution via a flaw in MethodHandles.java. (CVE-2014-0455)
- A vulnerability in Oracle Java allows remote code execution via a flaw in exception handling. (CVE-2014-0457)
- Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAX-WS. (CVE-2014-0458, CVE-2014-2423)
- An unspecified vulnerability exists in Oracle Java via sandboxed applications. (CVE-2014-0459)
- A vulnerability in Oracle Java allows remote attackers to conduct spoofing attacks via a flaw in the DnsClient component. (CVE-2014-0460)
- A vulnerability in Oracle Java allows remote code execution via a flaw in ScriptEngineManager.java. (CVE-2014-0461)
- A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in the random number generation of cryptographic protection. (CVE-2014-0878)
- A privilege escalation vulnerability in Oracle Java allows remote attackers to overwrite arbitrary files via a flaw in unpack200. (CVE-2014-1876)
- A vulnerability in Oracle Java allows remote code execution via a flaw in Javadoc. (CVE-2014-2398)
- A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in asynchronous channel handling across threads. (CVE-2014-2402)
- Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in JAXB. (CVE-2014-2414)
- A vulnerability in Oracle Java allows a remote attacker to bypass security features through flaws in Java sound libraries. (CVE-2014-2427)
Solution
Fixes are available by version and can be downloaded from the AIX website.