CVE-2014-0452
published 2014-04-16CVE-2014-0452: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv10.0CRITICAL
VulDB
Oracle Java SE/Java SE Embedded 6u71/7u51/8 JAX-WS cross site scripting (Nessus ID 73654 / ID 185086)
vuldb·2026-05-10·CVSS 7.5
CVE-2014-0452 [HIGH] Oracle Java SE/Java SE Embedded 6u71/7u51/8 JAX-WS cross site scripting (Nessus ID 73654 / ID 185086)
A vulnerability has been found in Oracle Java SE and Java SE Embedded 6u71/7u51/8 and classified as critical. This vulnerability affects unknown code of the component JAX-WS. Performing a manipulation results in basic cross site scripting.
This vulnerability is cataloged as CVE-2014-0452. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.
GHSA
GHSA-4rcf-j8r8-4576: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
ghsa_unreviewed·2022-05-10·CVSS 7.5
CVE-2014-2423 [HIGH] GHSA-4rcf-j8r8-4576: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
GHSA
GHSA-94mc-862r-9gjc: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
ghsa_unreviewed·2022-05-10·CVSS 7.5
CVE-2014-0458 [HIGH] GHSA-94mc-862r-9gjc: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
GHSA
GHSA-p9f6-jpfc-m7rw: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
ghsa_unreviewed·2022-05-10·CVSS 7.5
CVE-2014-0452 [HIGH] GHSA-p9f6-jpfc-m7rw: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
OSV
openjdk-7 vulnerabilities
osv·2014-04-30·CVSS 10.0
CVE-2014-0429 [CRITICAL] openjdk-7 vulnerabilities
openjdk-7 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,
CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability was discovered in the OpenJDK JRE related to availabi
OSV
CVE-2014-0458: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
osv·2014-04-15·CVSS 7.5
CVE-2014-0458 [HIGH] CVE-2014-0458: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
OSV
CVE-2014-0452: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
osv·2014-04-15·CVSS 7.5
CVE-2014-0452 [HIGH] CVE-2014-0452: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
OSV
CVE-2014-2423: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
osv·2014-04-15·CVSS 7.5
CVE-2014-2423 [HIGH] CVE-2014-2423: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Ubuntu
OpenJDK 6 vulnerabilities
vendor_ubuntu·2014-05-01·CVSS 10.0
CVE-2014-0429 [CRITICAL] OpenJDK 6 vulnerabilities
Title: OpenJDK 6 vulnerabilities
Summary: Several security issues were fixed in OpenJDK 6.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462,
CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,
CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability wa
Ubuntu
OpenJDK 7 vulnerabilities
vendor_ubuntu·2014-04-30·CVSS 10.0
CVE-2014-0429 [CRITICAL] OpenJDK 7 vulnerabilities
Title: OpenJDK 7 vulnerabilities
Summary: Several security issues were fixed in OpenJDK 7.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,
CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A v
Red Hat
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
vendor_redhat·2014-04-15·CVSS 7.5
CVE-2014-0458 [HIGH] OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
Red Hat
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
vendor_redhat·2014-04-15·CVSS 7.5
CVE-2014-0452 [HIGH] OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
Red Hat
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
vendor_redhat·2014-04-15·CVSS 7.5
CVE-2014-2423 [HIGH] OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No public exploits indexed.
http://marc.info/?l=bugtraq&m=140852886808946&w=2http://marc.info/?l=bugtraq&m=140852974709252&w=2http://rhn.redhat.com/errata/RHSA-2014-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0685.htmlhttp://secunia.com/advisories/58415http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www.debian.org/security/2014/dsa-2912http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www.securityfocus.com/bid/66891http://www.ubuntu.com/usn/USN-2187-1http://www.ubuntu.com/usn/USN-2191-1https://access.redhat.com/errata/RHSA-2014:0413https://access.redhat.com/errata/RHSA-2014:0414http://marc.info/?l=bugtraq&m=140852886808946&w=2http://marc.info/?l=bugtraq&m=140852974709252&w=2http://rhn.redhat.com/errata/RHSA-2014-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0685.htmlhttp://secunia.com/advisories/58415http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www.debian.org/security/2014/dsa-2912http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www.securityfocus.com/bid/66891http://www.ubuntu.com/usn/USN-2187-1http://www.ubuntu.com/usn/USN-2191-1https://access.redhat.com/errata/RHSA-2014:0413https://access.redhat.com/errata/RHSA-2014:0414
2014-04-16
Published