Summary
Oracle Java SE JRE is installed on the host and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to perform certain actions with escalated privileges, disclose sensitive information and compromise a user's system.
Impact Level: System/Application.
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Insight
Multiple flaws exist due to:
- Multiple errors related to the Deployment subcomponent.
- An XXE (XML External Entity) injection error in com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java.
- An error in windows/native/sun/awt/splashscreen/splashscreen_sys.c related to the handling of splash images.
Affected
Oracle Java SE 6 update 81 and prior, 7 update 67 and prior, and 8 update 20 and prior on Windows.
Detection
Get the installed version of Oracle Java SE JRE with the help of the detect NVT and check whether the version is vulnerable.
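The version comparison described above, as an added example (not the NVT's own code): it parses legacy `1.<major>.0_<update>` version strings and compares them with the ranges listed under Affected. The function names and the host inventory are constructed for illustration, and the hosts are assumed to be Windows systems.

```python
import re

# Last affected update per major release, taken from the "Affected" section.
LAST_AFFECTED_UPDATE = {6: 81, 7: 67, 8: 20}

# Legacy Oracle JRE version strings: "1.7.0_67", "1.8.0_20-b26", or "1.8.0"
# (no "_<update>" suffix means update 0).
_VERSION_RE = re.compile(r"^1\.(\d+)\.0(?:_(\d+))?(?:-[A-Za-z0-9]+)?$")


def parse_jre_version(version):
    """Return (major, update) for a legacy version string, or None."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def is_affected(version):
    """True or False when the version can be judged against this advisory;
    None when it cannot be parsed or the major release is not listed."""
    parsed = parse_jre_version(version)
    if parsed is None:
        return None
    major, update = parsed
    last_affected = LAST_AFFECTED_UPDATE.get(major)
    if last_affected is None:
        return None
    return update <= last_affected


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (host name -> reported JRE version).
SAMPLE_INVENTORY = {
    "ws-01": "1.7.0_67",
    "ws-02": "1.7.0_71",
    "ws-03": "1.8.0_20-b26",
    "ws-04": "1.8.0",
    "ws-05": "1.6.0_85",
    "ws-06": "9.0.1",  # not a legacy version string, so it stays unknown
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, SAMPLE_INVENTORY[host], status)
```

Hosts reported as `unknown` need a manual check rather than being treated as patched.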
References
Severity
Classification
CVE: CVE-2014-4288, CVE-2014-6458, CVE-2014-6466, CVE-2014-6492, CVE-2014-6493, CVE-2014-6503, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6532
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C