CVE-2014-0428

 

Published at: - 15-01-2014 05:08

Last modified: - 13-05-2022 04:57

Total changes: - 2

Description

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
• 64758-
• https://bugzilla.redhat.com/show_bug.cgi?id=1051519
• http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698
• 1029608-
• 64935-
• 101996-
• 56432-
• 56485-
• 56535-
• 56486-
• openSUSE-SU-2014:0177-
• USN-2089-1-
• RHSA-2014:0097-
• SUSE-SU-2014:0266-
• openSUSE-SU-2014:0174-
• USN-2124-1-
• SUSE-SU-2014:0246-
• RHSA-2014:0136-
• RHSA-2014:0134-
• RHSA-2014:0027-
• RHSA-2014:0026-
• openSUSE-SU-2014:0180-
• RHSA-2014:0135-
• RHSA-2014:0030-
• SSRT101454-
• SSRT101455-
• SUSE-SU-2014:0451-
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
• RHSA-2014:0414-

 

Keywords

NVD

 

CVE-2014-0428

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures