CVE-2014-2420
published 2014-04-16CVE-2014-2420: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors…
low2.6CVSS 3.1
AVNACHAuNCNIPAN
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
VulDB
Oracle Java SE/Java SE Embedded 6u71/7u51/8 Deployment (Nessus ID 73570 / ID 122067)
vuldb·2026-05-11·CVSS 2.6
CVE-2014-2420 [LOW] Oracle Java SE/Java SE Embedded 6u71/7u51/8 Deployment (Nessus ID 73570 / ID 122067)
A vulnerability labeled as problematic has been found in Oracle Java SE and Java SE Embedded 6u71/7u51/8. This affects an unknown part of the component Deployment Handler. The manipulation results in an unknown weakness.
This vulnerability is known as CVE-2014-2420. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
GHSA
GHSA-588q-6fgf-m99h: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vect
ghsa_unreviewed·2022-05-10
CVE-2014-2420 [LOW] GHSA-588q-6fgf-m99h: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vect
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Red Hat
JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
vendor_redhat·2014-04-15·CVSS 2.6
CVE-2014-2420 [LOW] JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.6.0-sun (Red Hat Enterprise Linux 7) - Not affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
bugzilla·2014-04-15·CVSS 2.6
CVE-2014-2420 [LOW] CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
Oracle Java SE 6u75, 7u55 and 8u5 fixes an unspecified vulnerability in the Deployment component (CVE-2014-2420). Upstream has CVSSv2 scored this issue as: 2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
Discussion:
This issue has been addressed in following products:
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Via RHSA-2014:0413 https://rhn.redhat.com/errata/RHSA-2014-0413.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2014:0412 https://rhn.redh
Bugzilla
CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
bugzilla·2013-04-16·CVSS 10.0
CVE-2013-2420 [CRITICAL] CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
It was discovered that the 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in 7u21 and 6u45.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJDK7 upstream repositories commit:
http://hg.openjdk.ja
http://marc.info/?l=bugtraq&m=140852886808946&w=2http://marc.info/?l=bugtraq&m=140852974709252&w=2http://secunia.com/advisories/60111http://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www.ibm.com/support/docview.wss?uid=swg21677387http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www.securityfocus.com/bid/66919https://access.redhat.com/errata/RHSA-2014:0413https://access.redhat.com/errata/RHSA-2014:0414http://marc.info/?l=bugtraq&m=140852886808946&w=2http://marc.info/?l=bugtraq&m=140852974709252&w=2http://secunia.com/advisories/60111http://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www.ibm.com/support/docview.wss?uid=swg21677387http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www.securityfocus.com/bid/66919https://access.redhat.com/errata/RHSA-2014:0413https://access.redhat.com/errata/RHSA-2014:0414
2014-04-16
Published