Summary
This host is installed with Oracle Java SE JRE and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow remote attackers to update, insert, or delete certain data, execute arbitrary code, cause a denial of service, and disclose potentially sensitive information.
Impact Level: System/Application.
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Insight
Multiple unspecified flaws exist:
- An error in the JMX subcomponent related to share/classes/com/sun/jmx/remote/security/SubjectDelegator.java
- An error related to the Hotspot subcomponent in share/vm/classfile/classFileParser.hpp
- An error in the Libraries subcomponent related to share/classes/java/lang/reflect/Proxy.java and handling of interfaces passed to proxy methods.
- An error within the Swing subcomponent related to missing access restrictions imposed by the file choosers.
- An error in the Security subcomponent related to share/classes/java/security/Provider.java and instantiation of security services with non-public constructors.
- An error in the Diffie-Hellman key agreement within the Security subcomponent related to the 'validateDHPublicKey' function in share/classes/sun/security/util/KeyUtil.java
- An error in the Libraries subcomponent within the 'AtomicReferenceFieldUpdaterImpl' function in /java/util/concurrent/atomic/AtomicReferenceFieldUpdater.java
- An error in the Security subcomponent related to share/classes/sun/security/rsa/RSACore.java and RSA 'blinding'.
Affected
Oracle Java SE 5 update 65 and prior, 6 update 75 and prior, 7 update 60 and prior, and 8 update 5 and prior on Windows
Detection
Get the installed version of Oracle Java SE JRE with the help of the detect NVT and check whether it is vulnerable.
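The version comparison described above can be reproduced against a software inventory. The following is an added example, not the NVT's own code: the thresholds come from the Affected section, while the legacy `1.<family>.0_<update>` version format, the function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Highest affected update per Java SE family, from the "Affected" section.
LAST_AFFECTED_UPDATE = {5: 65, 6: 75, 7: 60, 8: 5}

# Assumed legacy version scheme: 1.<family>.0[_<update>][-<build>]
_VERSION_RE = re.compile(r"^1\.(\d+)\.0(?:_(\d+))?(?:[-\s].*)?$")


def parse_jre_version(version):
    """Return (family, update), or None if the string is not in legacy format."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    # A missing "_<update>" suffix means the initial release (update 0).
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(version):
    """True/False for a parsed version, None when the string cannot be parsed."""
    parsed = parse_jre_version(version)
    if parsed is None:
        return None  # report for manual review instead of guessing
    family, update = parsed
    last = LAST_AFFECTED_UPDATE.get(family)
    return last is not None and update <= last


def affected_hosts(inventory):
    """Return the sorted host names whose JRE version falls in an affected range."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


# Constructed sample inventory of Windows hosts (host name -> JRE version string).
SAMPLE_INVENTORY = {
    "win-app-01": "1.7.0_60-b19",
    "win-app-02": "1.7.0_65",
    "win-db-01": "1.8.0_05",
    "win-db-02": "1.8.0_11",
    "win-legacy-01": "1.6.0_45",
    "win-odd-01": "unknown",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```

Version strings that do not parse return `None` rather than `False`, so they can be listed separately for manual review.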
References
- http://secunia.com/advisories/59501
- http://securitytracker.com/id?1030577
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.osvdb.com/109127
- http://www.osvdb.com/109132
- http://www.osvdb.com/109135
- http://www.osvdb.com/109136
- http://www.osvdb.com/109138
- http://www.osvdb.com/109142
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4268
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)