Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-6593: Oracle JDK vulnerability

11 documents, 9 sources
Severity: 4.0 MEDIUM (NVD)
EPSS: 69.9% (top 1.33%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 21; latest update May 13

Description

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

CVSS vector

AV:N/AC:H/C:P/I:P/A:N
Exploitability: 4.9 | Impact: 4.9

Affected Packages (3 packages)

NVD: oracle/jrockit, r27.8.4, r28.3.4 (+1)
NVD: oracle/jdk, 4 versions (+3)
NVD: oracle/jre, 4 versions (+3)

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-fpfc-8gg5-hw57: Unspecified vulnerability in Oracle Java SE 5 (2022-05-13)
OSV: openjdk-7 vulnerabilities (2015-01-28)
CVEList: CVE-2014-6593: Unspecified vulnerability in Oracle Java SE 5 (2015-01-21)
OSV: CVE-2014-6593: Unspecified vulnerability in Oracle Java SE 5 (2015-01-21)

💥 Exploits & PoCs (1)

Exploit-DB: JSSE - SKIP-TLS (2015-11-05)

📋 Vendor Advisories (4)

Ubuntu: OpenJDK 7 vulnerabilities (2015-01-28)
Ubuntu: OpenJDK 6 vulnerabilities (2015-01-27)
Red Hat: OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) (2015-01-20)
Debian: CVE-2014-6593: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java S... (2014)

💬 Community (1)

Bugzilla: CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) (2015-01-16)
CVE-2014-6593 — Oracle JDK vulnerability | cvebase