
CVE-2014-0428

Published: 15/01/2014 Updated: 05/01/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote malicious users to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows malicious users to escape the sandbox.

Affected Products

Vendor   Product   Versions
Oracle   Jdk       1.5.0, 1.6.0, 1.7.0
Oracle   Jre       1.5.0, 1.6.0, 1.7.0

Vendor Advisories

Synopsis: Important: java-150-ibm security update. Type/Severity: Security Advisory: Important. Topic: Updated java-150-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having important ...
Synopsis: Important: java-160-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-160-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important secur ...
Synopsis: Critical: java-170-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-170-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impac ...
Synopsis: Important: java-170-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-170-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security im ...
Synopsis: Critical: java-160-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-160-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Synopsis: Critical: java-170-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-170-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Several security issues were fixed in OpenJDK 6 ...
USN-2124-1 introduced a regression in OpenJDK 6 ...
Synopsis: Critical: java-170-oracle security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-170-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having crit ...
An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions (CVE-2013-5907). Multiple improper permission check issues ...
An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions (CVE-2013-5907). Multiple improper permission check issu ...

References

CWE: NVD-CWE-noinfo
http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://osvdb.org/101996
http://rhn.redhat.com/errata/RHSA-2014-0026.html
http://rhn.redhat.com/errata/RHSA-2014-0027.html
http://rhn.redhat.com/errata/RHSA-2014-0030.html
http://rhn.redhat.com/errata/RHSA-2014-0097.html
http://rhn.redhat.com/errata/RHSA-2014-0134.html
http://rhn.redhat.com/errata/RHSA-2014-0135.html
http://rhn.redhat.com/errata/RHSA-2014-0136.html
http://secunia.com/advisories/56432
http://secunia.com/advisories/56485
http://secunia.com/advisories/56486
http://secunia.com/advisories/56535
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64935
http://www.securitytracker.com/id/1029608
http://www.ubuntu.com/usn/USN-2089-1
http://www.ubuntu.com/usn/USN-2124-1
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.redhat.com/show_bug.cgi?id=1051519
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
https://www.securityfocus.com/bid/64935
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2014:0136
https://usn.ubuntu.com/2124-1/
https://www.rapid7.com/db/vulnerabilities/sunpatch-119211
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2013-5878
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-1208