CVE-2014-0385

Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/101998
http://secunia.com/advisories/56485
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Vendor Advisory
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64901
http://www.securitytracker.com/id/1029608

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.7.0:update45::::::
	cpe:2.3:a:oracle:jre:1.7.0:update45::::::

History

No history.

Information

Published : 2014-01-15 16:08

Updated : 2024-02-28 12:00

NVD link : CVE-2014-0385

Mitre link : CVE-2014-0385

CVE.ORG link : CVE-2014-0385

JSON object : View

Products Affected

oracle

jdk
jre

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-0385", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-15T16:08:07.237", "references": [{"url": "http://osvdb.org/101998", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/56485", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/64758", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/64901", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1029608", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 7u45, cuando se instala OS X, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Install."}], "lastModified": "2022-05-13T14:57:20.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B89CBB-BF1F-4887-BD28-6D6FB77AD18A"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5226952-1972-4572-9F8C-C90D89040FD3"}], "operator": "OR"}]}], "evaluatorComment": "per:\nhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n\nApplies to installation process on client deployment of Java.", "sourceIdentifier": "secalert_us@oracle.com"}