CVE-2014-0408

Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://osvdb.org/101999
http://secunia.com/advisories/56485
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Vendor Advisory
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64910
http://www.securitytracker.com/id/1029608
http://www.ubuntu.com/usn/USN-2089-1

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

13 May 2022, 14:57

Type	Values Removed	Values Added
CPE	cpe:2.3:a:oracle:jre:1.7.0:update_45::::::	cpe:2.3:a:oracle:jre:1.7.0:update45::::::

Information

Published : 2014-01-15 16:08

Updated : 2023-12-10 11:16

NVD link : CVE-2014-0408

Mitre link : CVE-2014-0408

CVE.ORG link : CVE-2014-0408

JSON object : View

Products Affected

oracle

jre

apple

mac_os_x

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-0408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-15T16:08:09.907", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html", "source": "secalert_us@oracle.com"}, {"url": "http://osvdb.org/101999", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/56485", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/64758", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/64910", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1029608", "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2089-1", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."}, {"lang": "es", "value": "Vulnerabilidad no especificada Oracle Java SE 7u45, cuando corre sobre OS X, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Hotspot."}], "lastModified": "2022-05-13T14:57:17.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5226952-1972-4572-9F8C-C90D89040FD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.\"", "sourceIdentifier": "secalert_us@oracle.com"}