CVE-2014-2483

Sažetak

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."

Reference

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
https://bugzilla.redhat.com/show_bug.cgi?id=1119626
http://www.debian.org/security/2014/dsa-2987
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201502-12.xml
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://www.securitytracker.com/id/1030577
http://www.securityfocus.com/bid/68608
http://secunia.com/advisories/60812
http://secunia.com/advisories/60485
https://access.redhat.com/errata/RHSA-2014:0902
http://www.securityfocus.com/archive/1/534161/100/0/threaded

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-05-2022 - 14:57

Objavljeno

17-07-2014 - 05:10