CVE-2014-0385

Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/101998
http://secunia.com/advisories/56485
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Vendor Advisory
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64901
http://www.securitytracker.com/id/1029608
http://osvdb.org/101998
http://secunia.com/advisories/56485
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Vendor Advisory
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64901
http://www.securitytracker.com/id/1029608

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.7.0:update45::::::
	cpe:2.3:a:oracle:jre:1.7.0:update45::::::

History

21 Nov 2024, 02:01

Type	Values Removed	Values Added
References	~~() http://osvdb.org/101998 -~~	() http://osvdb.org/101998 -
References	~~() http://secunia.com/advisories/56485 -~~	() http://secunia.com/advisories/56485 -
References	~~() http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Vendor Advisory~~	() http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/64758 -~~	() http://www.securityfocus.com/bid/64758 -
References	~~() http://www.securityfocus.com/bid/64901 -~~	() http://www.securityfocus.com/bid/64901 -
References	~~() http://www.securitytracker.com/id/1029608 -~~	() http://www.securitytracker.com/id/1029608 -

Information

Published : 2014-01-15 16:08

Updated : 2024-11-21 02:01

NVD link : CVE-2014-0385

Mitre link : CVE-2014-0385

CVE.ORG link : CVE-2014-0385

JSON object : View

Products Affected

oracle

jre
jdk

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-0385", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-15T16:08:07.237", "references": [{"url": "http://osvdb.org/101998", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/56485", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/64758", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/64901", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1029608", "source": "secalert_us@oracle.com"}, {"url": "http://osvdb.org/101998", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/56485", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/64758", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/64901", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029608", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 7u45, cuando se instala OS X, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Install."}], "lastModified": "2024-11-21T02:01:59.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B89CBB-BF1F-4887-BD28-6D6FB77AD18A"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5226952-1972-4572-9F8C-C90D89040FD3"}], "operator": "OR"}]}], "evaluatorComment": "per:\nhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n\nApplies to installation process on client deployment of Java.", "sourceIdentifier": "secalert_us@oracle.com"}