CVE-2014-0423
OpenJDK: XXE issue in decoder (Beans, 8023245)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.
Vulnerabilidad no especificada en Oracle Java SE 50.u55, 6u65 y 7u45; JRockit R27.7.7 y R28.2.9; y Java SE Embedded 7u45 permite a usuarios remotos autenticados afectar la confidencialidad y disponibilidad a través de vectores desconocidos relacionados con Beans.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-12 CVE Reserved
- 2014-01-15 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (36)
URL | Tag | Source |
---|---|---|
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5 | X_refsource_confirm | |
http://secunia.com/advisories/56432 | Third Party Advisory | |
http://secunia.com/advisories/56485 | Third Party Advisory | |
http://secunia.com/advisories/56486 | Third Party Advisory | |
http://secunia.com/advisories/56487 | Third Party Advisory | |
http://secunia.com/advisories/56535 | Third Party Advisory | |
http://secunia.com/advisories/59283 | Third Party Advisory | |
http://secunia.com/advisories/60568 | Third Party Advisory | |
http://www-01.ibm.com/support/docview.wss?uid=swg21677388 | X_refsource_confirm | |
http://www-01.ibm.com/support/docview.wss?uid=swg21679287 | X_refsource_confirm | |
http://www.securityfocus.com/bid/64758 | Vdb Entry | |
http://www.securityfocus.com/bid/64914 | Vdb Entry | |
http://www.securitytracker.com/id/1029608 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90340 | Vdb Entry | |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Jrockit Search vendor "Oracle" for product "Jrockit" | r27.7.7 Search vendor "Oracle" for product "Jrockit" and version "r27.7.7" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jrockit Search vendor "Oracle" for product "Jrockit" | r28.2.9 Search vendor "Oracle" for product "Jrockit" and version "r28.2.9" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update45 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0" | update65 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0" | update65 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.5.0 Search vendor "Oracle" for product "Jdk" and version "1.5.0" | update55 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.5.0 Search vendor "Oracle" for product "Jre" and version "1.5.0" | update55 |
Affected
|