CVE-2014-0428
OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u65 y 7u45; y Java SE Embedded 7u45 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con CORBA.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-12-12 CVE Reserved
- 2014-01-15 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (31)
URL | Tag | Source |
---|---|---|
http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698 | X_refsource_misc | |
http://osvdb.org/101996 | Vdb Entry | |
http://secunia.com/advisories/56432 | Third Party Advisory | |
http://secunia.com/advisories/56485 | Third Party Advisory | |
http://secunia.com/advisories/56486 | Third Party Advisory | |
http://secunia.com/advisories/56535 | Third Party Advisory | |
http://www.securityfocus.com/bid/64758 | Vdb Entry | |
http://www.securityfocus.com/bid/64935 | Vdb Entry | |
http://www.securitytracker.com/id/1029608 | Vdb Entry | |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0" | update65 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0" | update65 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.5.0 Search vendor "Oracle" for product "Jdk" and version "1.5.0" | update55 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.5.0 Search vendor "Oracle" for product "Jre" and version "1.5.0" | update55 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update45 |
Affected
|