IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-3068 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 2.4 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:S/C:P/I:P/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
| Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
| Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2014:1042 | 2014-08-11 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2014:1036 | 2014-08-07 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2014:1041 | 2014-08-11 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2014:1033 | 2014-08-07 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2014:1036 | 2014-08-07 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2014:1041 | 2014-08-11 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2014:1033 | 2014-08-07 |
Vulmon