CVE-2014-0423

 

Published at: - 15-01-2014 05:08

Last modified: - 13-05-2022 04:57

Total changes: - 2

Description

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:P/I:N/A:P

 

Verification logic

 

Reference

• http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
• 64758-
• https://bugzilla.redhat.com/show_bug.cgi?id=1053066
• 1029608-
• 56487-
• http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5
• 64914-
• 56432-
• 56485-
• 56535-
• 56486-
• openSUSE-SU-2014:0177-
• USN-2089-1-
• RHSA-2014:0097-
• SUSE-SU-2014:0266-
• openSUSE-SU-2014:0174-
• USN-2124-1-
• SUSE-SU-2014:0246-
• RHSA-2014:0136-
• RHSA-2014:0134-
• RHSA-2014:0027-
• RHSA-2014:0026-
• openSUSE-SU-2014:0180-
• RHSA-2014:0135-
• RHSA-2014:0030-
• SSRT101454-
• SSRT101455-
• SUSE-SU-2014:0451-
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
• http://www-01.ibm.com/support/docview.wss?uid=swg21679287
• http://www-01.ibm.com/support/docview.wss?uid=swg21677388
• 60568-
• 59283-
• oracle-cpujan2014-cve20140423(90340)-
• RHSA-2014:0414-

 

Keywords

NVD

 

CVE-2014-0423

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures