CVE-2014-0460Oracle JDK vulnerability

10 documents7 sources
Severity
5.8MEDIUMNVD
EPSS
2.4%
top 15.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Juniper Junos SpaceCanonical Ubuntu LinuxDebian Linux+3 more
Timeline
PublishedApr 16
Latest updateMay 10

Description

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages4 packages

NVDoracle/jrockitr27.8.1, r28.3.1+1
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3

Also affects: Debian Linux 6.0, 7.0, 8.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.10, 14.04

🔴Vulnerability Details

4
GHSA
GHSA-5fhm-4w6c-fp4v: Unspecified vulnerability in Oracle Java SE 52022-05-10
OSV
openjdk-7 vulnerabilities2014-04-30
CVEList
CVE-2014-0460: Unspecified vulnerability in Oracle Java SE 52014-04-16
OSV
CVE-2014-0460: Unspecified vulnerability in Oracle Java SE 52014-04-15

📋Vendor Advisories

3
Ubuntu
OpenJDK 6 vulnerabilities2014-05-01
Ubuntu
OpenJDK 7 vulnerabilities2014-04-30
Red Hat
OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)2014-04-15

💬Community

2
Bugzilla
CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)2014-04-14
Bugzilla
CVE-2014-0164 mcollective: world readable client config2014-04-03
CVE-2014-0460 — Oracle JDK vulnerability | cvebase