CVE-2014-6493
published 2014-10-15CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown…
high7.6CVSS 3.1
AVNACHAuNCCICAC
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openjdk-8 | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
GHSA
GHSA-jvx7-35cg-w97r: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-4288 [HIGH] GHSA-jvx7-35cg-w97r: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
GHSA
GHSA-x9c3-pfjg-6f43: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-6493 [HIGH] GHSA-x9c3-pfjg-6f43: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
GHSA
GHSA-wqrv-8v5g-pgqj: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-6503 [HIGH] GHSA-wqrv-8v5g-pgqj: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
GHSA
GHSA-9x5w-fgxg-c345: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
ghsa_unreviewed·2022-05-13·CVSS 7.6
CVE-2014-6532 [HIGH] GHSA-9x5w-fgxg-c345: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-6532 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-6493 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-4288 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Red Hat
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
vendor_redhat·2014-10-14·CVSS 7.6
CVE-2014-6503 [HIGH] JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Debian
CVE-2014-6532: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-6532 [HIGH] CVE-2014-6532: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Scope: local
sid: resolved
Debian
CVE-2014-6493: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-6493 [HIGH] CVE-2014-6493: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Scope: local
sid: resolved
Debian
CVE-2014-6503: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-6503 [HIGH] CVE-2014-6503: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Scope: local
sid: resolved
Debian
CVE-2014-4288: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
vendor_debian·2014·CVSS 7.6
CVE-2014-4288 [HIGH] CVE-2014-4288: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote a...
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Scope: local
sid: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
bugzilla·2014-10-14·CVSS 7.6
CVE-2014-6493 [HIGH] CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Oracle Java SE 6u85, 7u71 and 8u25 fixes an unspecified vulnerability in the Deployment component (CVE-2014-6493). Upstream has CVSSv2 scored this issue as: 7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 6
Oracle Java for Red Hat Enterprise Linux 5
Via RHSA-2014:1658 https://rhn.redhat.com/errata/RHSA-2014-1658.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterp
Bugzilla
CVE-2013-6493 icedtea-web: insecure temporary file use flaw in LiveConnect implementation
bugzilla·2013-09-23·CVSS 2.1
CVE-2013-6493 [LOW] CVE-2013-6493 icedtea-web: insecure temporary file use flaw in LiveConnect implementation
CVE-2013-6493 icedtea-web: insecure temporary file use flaw in LiveConnect implementation
LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user could possibly use this flaw to inject or read the communication between a Java applet and web browser of a different user's session.
References:
https://jdk6.java.net/plugin2/liveconnect/
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/LiveConnect_Overview
Discussion:
Fixed now upstream in icedtea-web 1.4.2:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-February/026192.html
Related upstream commits:
http://icedtea.classpath.org/hg/ice
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlhttp://marc.info/?l=bugtraq&m=141775382904016&w=2http://rhn.redhat.com/errata/RHSA-2014-1657.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1658.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1876.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1877.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1880.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1882.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0264.htmlhttp://secunia.com/advisories/61163http://secunia.com/advisories/61164http://secunia.com/advisories/61609http://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21688283http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/bid/70468http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlhttp://marc.info/?l=bugtraq&m=141775382904016&w=2http://rhn.redhat.com/errata/RHSA-2014-1657.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1658.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1876.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1877.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1880.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1882.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0264.htmlhttp://secunia.com/advisories/61163http://secunia.com/advisories/61164http://secunia.com/advisories/61609http://security.gentoo.org/glsa/glsa-201502-12.xmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21688283http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/bid/70468
2014-10-15
Published