CVE-2014-6517Oracle JDK vulnerability

11 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedOct 15
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDoracle/jrockitr27.8.3, r28.3.3+1
NVDoracle/jdk1.6.0, 1.7.0+1
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-p339-pvxm-qhgv: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R272022-05-13
OSV
openjdk-7 vulnerabilities2014-10-23
CVEList
CVE-2014-6517: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R272014-10-15
OSV
CVE-2014-6517: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R272014-10-15

📋Vendor Advisories

5
Ubuntu
OpenJDK 7 vulnerabilities2014-10-23
Ubuntu
OpenJDK 7 vulnerabilities2014-10-23
Ubuntu
OpenJDK 6 vulnerabilities2014-10-17
Red Hat
OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)2014-10-14
Debian
CVE-2014-6517: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedd...2014

💬Community

1
Bugzilla
CVE-2014-6517 OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)2014-10-10
CVE-2014-6517 — Oracle JDK vulnerability | cvebase