CVE - CVE-2014-0428

CVE-ID
CVE-2014-0428	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1051519 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 HP:HPSBUX02972 URL:http://marc.info/?l=bugtraq&m=139402697611681&w=2 HP:HPSBUX02973 URL:http://marc.info/?l=bugtraq&m=139402749111889&w=2 HP:SSRT101454 URL:http://marc.info/?l=bugtraq&m=139402697611681&w=2 HP:SSRT101455 URL:http://marc.info/?l=bugtraq&m=139402749111889&w=2 REDHAT:RHSA-2014:0026 URL:http://rhn.redhat.com/errata/RHSA-2014-0026.html REDHAT:RHSA-2014:0027 URL:http://rhn.redhat.com/errata/RHSA-2014-0027.html REDHAT:RHSA-2014:0097 URL:http://rhn.redhat.com/errata/RHSA-2014-0097.html REDHAT:RHSA-2014:0136 URL:http://rhn.redhat.com/errata/RHSA-2014-0136.html REDHAT:RHSA-2014:0030 URL:http://rhn.redhat.com/errata/RHSA-2014-0030.html REDHAT:RHSA-2014:0134 URL:http://rhn.redhat.com/errata/RHSA-2014-0134.html REDHAT:RHSA-2014:0135 URL:http://rhn.redhat.com/errata/RHSA-2014-0135.html REDHAT:RHSA-2014:0414 URL:https://access.redhat.com/errata/RHSA-2014:0414 SUSE:openSUSE-SU-2014:0174 URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html SUSE:SUSE-SU-2014:0246 URL:http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html SUSE:SUSE-SU-2014:0266 URL:http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html SUSE:openSUSE-SU-2014:0177 URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html SUSE:openSUSE-SU-2014:0180 URL:http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html SUSE:SUSE-SU-2014:0451 URL:http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html UBUNTU:USN-2089-1 URL:http://www.ubuntu.com/usn/USN-2089-1 UBUNTU:USN-2124-1 URL:http://www.ubuntu.com/usn/USN-2124-1 BID:64758 URL:http://www.securityfocus.com/bid/64758 BID:64935 URL:http://www.securityfocus.com/bid/64935 OSVDB:101996 URL:http://osvdb.org/101996 SECTRACK:1029608 URL:http://www.securitytracker.com/id/1029608 SECUNIA:56432 URL:http://secunia.com/advisories/56432 SECUNIA:56485 URL:http://secunia.com/advisories/56485 SECUNIA:56486 URL:http://secunia.com/advisories/56486 SECUNIA:56535 URL:http://secunia.com/advisories/56535
Assigning CNA
N/A
Date Entry Created
20131212	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131212)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org