CVE-2014-0428
published 2014-01-15CVE-2014-0428: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality…
critical10CVSS 3.1
AVNACLAuNCCICAC
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
Ubuntu
OpenJDK 6 regression
vendor_ubuntu·2014-04-08·CVSS 7.5
[HIGH] OpenJDK 6 regression
Title: OpenJDK 6 regression
Summary: USN-2124-1 introduced a regression in OpenJDK 6.
USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream
regression, memory was not properly zeroed under certain circumstances
which could lead to instability. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to expose
sensitive data over the network. (CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-5878, CVE
Ubuntu
OpenJDK 6 vulnerabilities
vendor_ubuntu·2014-02-27·CVSS 7.5
CVE-2013-5878 [HIGH] OpenJDK 6 vulnerabilities
Title: OpenJDK 6 vulnerabilities
Summary: Several security issues were fixed in OpenJDK 6.
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. An attacker could exploit this to expose
sensitive data over the network. (CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-5878, CVE-2013-5907, CVE-2014-0373, CVE-2014-0422,
CVE-2014-0428)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2013-5884, CVE-2014-0368)
Two vul
Ubuntu
OpenJDK 7 vulnerabilities
vendor_ubuntu·2014-01-23·CVSS 6.4
CVE-2013-5817 [MEDIUM] OpenJDK 7 vulnerabilities
Title: OpenJDK 7 vulnerabilities
Summary: Several security issues were fixed in OpenJDK 7.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783,
CVE-2013-5804, CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896,
CVE-2013-5910)
Several vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,
CVE-2013-5820, CVE-2014-0376, CVE-2014-0416)
Several vulnerabilities we
Red Hat
OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
vendor_redhat·2014-01-14·CVSS 10.0
CVE-2014-0428 [CRITICAL] OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 7) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 7) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
GHSA
GHSA-26mx-fqqx-jrm9: Unspecified vulnerability in Oracle Java SE 5
ghsa_unreviewed·2022-05-13
CVE-2014-0428 [HIGH] GHSA-26mx-fqqx-jrm9: Unspecified vulnerability in Oracle Java SE 5
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
No detection rules found.
No public exploits indexed.
http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00105.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00107.htmlhttp://lists.opensuse.org/opensuse-updates/2014-02/msg00000.htmlhttp://marc.info/?l=bugtraq&m=139402697611681&w=2http://marc.info/?l=bugtraq&m=139402749111889&w=2http://osvdb.org/101996http://rhn.redhat.com/errata/RHSA-2014-0026.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0027.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0030.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0097.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0134.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0135.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0136.htmlhttp://secunia.com/advisories/56432http://secunia.com/advisories/56485http://secunia.com/advisories/56486http://secunia.com/advisories/56535http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securityfocus.com/bid/64758http://www.securityfocus.com/bid/64935http://www.securitytracker.com/id/1029608http://www.ubuntu.com/usn/USN-2089-1http://www.ubuntu.com/usn/USN-2124-1https://access.redhat.com/errata/RHSA-2014:0414https://bugzilla.redhat.com/show_bug.cgi?id=1051519https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00105.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00107.htmlhttp://lists.opensuse.org/opensuse-updates/2014-02/msg00000.htmlhttp://marc.info/?l=bugtraq&m=139402697611681&w=2http://marc.info/?l=bugtraq&m=139402749111889&w=2http://osvdb.org/101996http://rhn.redhat.com/errata/RHSA-2014-0026.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0027.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0030.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0097.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0134.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0135.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0136.htmlhttp://secunia.com/advisories/56432http://secunia.com/advisories/56485http://secunia.com/advisories/56486http://secunia.com/advisories/56535http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlhttp://www.securityfocus.com/bid/64758http://www.securityfocus.com/bid/64935http://www.securitytracker.com/id/1029608http://www.ubuntu.com/usn/USN-2089-1http://www.ubuntu.com/usn/USN-2124-1https://access.redhat.com/errata/RHSA-2014:0414https://bugzilla.redhat.com/show_bug.cgi?id=1051519https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
2014-01-15
Published