The MITRE CVE dictionary describes this issue as:
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
Find out more about CVE-2014-3068 from the MITRE CVE dictionary and NIST NVD.
Base Score | 2.4 |
---|---|
Base Metrics | AV:L/AC:H/Au:S/C:P/I:P/A:N |
Access Vector | Local |
Access Complexity | High |
Authentication | Single |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2014:1042 | 2014-08-11 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2014:1036 | 2014-08-07 |
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2014:1041 | 2014-08-11 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2014:1033 | 2014-08-07 |
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2014:1036 | 2014-08-07 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2014:1041 | 2014-08-11 |
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2014:1033 | 2014-08-07 |