CVE-2014-0458
published 2014-04-16CVE-2014-0458: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv10.0CRITICAL
Ubuntu
OpenJDK 6 vulnerabilities
vendor_ubuntu·2014-05-01·CVSS 10.0
CVE-2014-0429 [CRITICAL] OpenJDK 6 vulnerabilities
Title: OpenJDK 6 vulnerabilities
Summary: Several security issues were fixed in OpenJDK 6.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462,
CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421,
CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability wa
Ubuntu
OpenJDK 7 vulnerabilities
vendor_ubuntu·2014-04-30·CVSS 10.0
CVE-2014-0429 [CRITICAL] OpenJDK 7 vulnerabilities
Title: OpenJDK 7 vulnerabilities
Summary: Several security issues were fixed in OpenJDK 7.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,
CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A v
Red Hat
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
vendor_redhat·2014-04-15·CVSS 7.5
CVE-2014-0458 [HIGH] OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
Red Hat
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
vendor_redhat·2014-04-15·CVSS 7.5
CVE-2014-0452 [HIGH] OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
Red Hat
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
vendor_redhat·2014-04-15·CVSS 7.5
CVE-2014-2423 [HIGH] OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
VulDB
Oracle Java SE/Java SE Embedded 6u71/7u51/8 JAX-WS cross site scripting (Nessus ID 73654 / ID 185086)
vuldb·2026-05-10·CVSS 7.5
CVE-2014-0458 [HIGH] Oracle Java SE/Java SE Embedded 6u71/7u51/8 JAX-WS cross site scripting (Nessus ID 73654 / ID 185086)
A vulnerability, which was classified as critical, has been found in Oracle Java SE and Java SE Embedded 6u71/7u51/8. Affected by this issue is some unknown functionality of the component JAX-WS. This manipulation causes basic cross site scripting.
This vulnerability is tracked as CVE-2014-0458. The attack is possible to be carried out remotely. No exploit exists.
It is advisable to upgrade the affected component.
GHSA
GHSA-4rcf-j8r8-4576: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
ghsa_unreviewed·2022-05-10·CVSS 7.5
CVE-2014-2423 [HIGH] GHSA-4rcf-j8r8-4576: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
GHSA
GHSA-94mc-862r-9gjc: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
ghsa_unreviewed·2022-05-10·CVSS 7.5
CVE-2014-0458 [HIGH] GHSA-94mc-862r-9gjc: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
GHSA
GHSA-p9f6-jpfc-m7rw: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
ghsa_unreviewed·2022-05-10·CVSS 7.5
CVE-2014-0452 [HIGH] GHSA-p9f6-jpfc-m7rw: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
OSV
openjdk-7 vulnerabilities
osv·2014-04-30·CVSS 10.0
CVE-2014-0429 [CRITICAL] openjdk-7 vulnerabilities
openjdk-7 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,
CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability was discovered in the OpenJDK JRE related to availabi
OSV
CVE-2014-0458: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
osv·2014-04-15·CVSS 7.5
CVE-2014-0458 [HIGH] CVE-2014-0458: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
OSV
CVE-2014-0452: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
osv·2014-04-15·CVSS 7.5
CVE-2014-0452 [HIGH] CVE-2014-0452: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
OSV
CVE-2014-2423: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
osv·2014-04-15·CVSS 7.5
CVE-2014-2423 [HIGH] CVE-2014-2423: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
No detection rules found.
No public exploits indexed.
http://marc.info/?l=bugtraq&m=140852886808946&w=2http://marc.info/?l=bugtraq&m=140852974709252&w=2http://rhn.redhat.com/errata/RHSA-2014-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0685.htmlhttp://secunia.com/advisories/58415http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www.debian.org/security/2014/dsa-2912http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www.securityfocus.com/bid/66883http://www.ubuntu.com/usn/USN-2187-1http://www.ubuntu.com/usn/USN-2191-1https://access.redhat.com/errata/RHSA-2014:0413https://access.redhat.com/errata/RHSA-2014:0414http://marc.info/?l=bugtraq&m=140852886808946&w=2http://marc.info/?l=bugtraq&m=140852974709252&w=2http://rhn.redhat.com/errata/RHSA-2014-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0685.htmlhttp://secunia.com/advisories/58415http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www.debian.org/security/2014/dsa-2912http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www.securityfocus.com/bid/66883http://www.ubuntu.com/usn/USN-2187-1http://www.ubuntu.com/usn/USN-2191-1https://access.redhat.com/errata/RHSA-2014:0413https://access.redhat.com/errata/RHSA-2014:0414
2014-04-16
Published