Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 Oct 2014 (Windows) Network Vulnerability

Summary

The host is installed with Oracle Java SE JRE and is prone to multiple unspecified vulnerabilities.

Impact

Successful exploitation will allow attackers to manipulate certain data and execute arbitrary code. Impact Level: System/Application.

Solution

Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Insight

Multiple flaws exist due to, - Multiple errors within the Deployment subcomponent. - An error in the 'ClassFileParser::parse_classfile_bootstrap_methods_attribute' function in share/vm/classfile/classFileParser.cpp script.

Affected

Oracle Java SE 7 update 67 and prior, and 8 update 20 and prior on Windows

Detection

Get the installed version of Oracle Java SE JRE with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.com/113316
http://osvdb.com/113327
http://osvdb.com/113330
http://osvdb.com/113335
http://secunia.com/advisories/61609/
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6456, CVE-2014-6476, CVE-2014-6519, CVE-2014-6527

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
Adobe Flash Media Server Multiple Remote Security Vulnerabilities
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)

Take action and discover your vulnerabilities