CVE-2014-2397: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and…

CVE-2014-2397 [CRITICAL] Oracle Java SE/Java SE Embedded 7u51/8 Hotspot cross site scripting (Nessus ID 73654 / ID 185085) A vulnerability was found in Oracle Java SE and Java SE Embedded 7u51/8. It has been rated as very critical. This issue affects some unknown processing of the component Hotspot. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2014-2397. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

CVE-2014-2397 [HIGH] GHSA-h6qh-cj3m-7qm5: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2014-0429 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A vulnerability was discovered in the OpenJDK JRE related to availabi

CVE-2014-2397 [CRITICAL] CVE-2014-2397: Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and a Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2014-0429 [CRITICAL] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-0462, CVE-2014-2397, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A vulnerability wa

CVE-2014-0429 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460) A v

CVE-2014-2397 [CRITICAL] OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Not affected Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-ibm (Red Hat Enterprise Linux 6) - Not affected Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected

CVE-2014-2397 [CRITICAL] CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) It was discovered that the class file parser did not properly parse class files with an invalid BootstrapMethods attribute length. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Discussion: Fixed now in Oracle Java SE 7u55 and 8u5 via Oracle Critical Patch Update Advisory - April 2014. Fixed in IcedTea6 1.13.3 and IcedTea7 2.4.7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027214.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027222.html External References: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA --- This issue has been addressed in