CVE - CVE-2014-0411

CVE-ID
CVE-2014-0411	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:64758 URL:http://www.securityfocus.com/bid/64758 BID:64918 URL:http://www.securityfocus.com/bid/64918 CONFIRM:http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004656 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21669519 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21675938 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676190 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676373 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676978 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677388 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21680234 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21680387 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21682668 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21682669 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21682670 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21682671 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21682904 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132 CONFIRM:http://www.ibm.com/support/docview.wss?uid=ssg1S1004745 CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21672078 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1053010 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 CONFIRM:https://www.ibm.com/support/docview.wss?uid=swg21675223 CONFIRM:https://www.ibm.com/support/docview.wss?uid=swg21677913 HP:HPSBUX02972 URL:http://marc.info/?l=bugtraq&m=139402697611681&w=2 HP:HPSBUX02973 URL:http://marc.info/?l=bugtraq&m=139402749111889&w=2 HP:SSRT101454 URL:http://marc.info/?l=bugtraq&m=139402697611681&w=2 HP:SSRT101455 URL:http://marc.info/?l=bugtraq&m=139402749111889&w=2 OSVDB:102028 URL:~~http://osvdb.org/102028~~ (Obsolete source) REDHAT:RHSA-2014:0026 URL:http://rhn.redhat.com/errata/RHSA-2014-0026.html REDHAT:RHSA-2014:0027 URL:http://rhn.redhat.com/errata/RHSA-2014-0027.html REDHAT:RHSA-2014:0030 URL:http://rhn.redhat.com/errata/RHSA-2014-0030.html REDHAT:RHSA-2014:0097 URL:http://rhn.redhat.com/errata/RHSA-2014-0097.html REDHAT:RHSA-2014:0134 URL:http://rhn.redhat.com/errata/RHSA-2014-0134.html REDHAT:RHSA-2014:0135 URL:http://rhn.redhat.com/errata/RHSA-2014-0135.html REDHAT:RHSA-2014:0136 URL:http://rhn.redhat.com/errata/RHSA-2014-0136.html REDHAT:RHSA-2014:0414 URL:https://access.redhat.com/errata/RHSA-2014:0414 SECTRACK:1029608 URL:http://www.securitytracker.com/id/1029608 SECUNIA:56432 URL:http://secunia.com/advisories/56432 SECUNIA:56485 URL:http://secunia.com/advisories/56485 SECUNIA:56486 URL:http://secunia.com/advisories/56486 SECUNIA:56487 URL:http://secunia.com/advisories/56487 SECUNIA:56535 URL:http://secunia.com/advisories/56535 SECUNIA:57809 URL:http://secunia.com/advisories/57809 SECUNIA:59037 URL:http://secunia.com/advisories/59037 SECUNIA:59071 URL:http://secunia.com/advisories/59071 SECUNIA:59082 URL:http://secunia.com/advisories/59082 SECUNIA:59194 URL:http://secunia.com/advisories/59194 SECUNIA:59235 URL:http://secunia.com/advisories/59235 SECUNIA:59251 URL:http://secunia.com/advisories/59251 SECUNIA:59254 URL:http://secunia.com/advisories/59254 SECUNIA:59283 URL:http://secunia.com/advisories/59283 SECUNIA:59324 URL:http://secunia.com/advisories/59324 SECUNIA:59339 URL:http://secunia.com/advisories/59339 SECUNIA:59665 URL:http://secunia.com/advisories/59665 SECUNIA:59704 URL:http://secunia.com/advisories/59704 SECUNIA:59705 URL:http://secunia.com/advisories/59705 SECUNIA:59872 URL:http://secunia.com/advisories/59872 SECUNIA:60005 URL:http://secunia.com/advisories/60005 SECUNIA:60498 URL:http://secunia.com/advisories/60498 SECUNIA:60833 URL:http://secunia.com/advisories/60833 SECUNIA:60835 URL:http://secunia.com/advisories/60835 SECUNIA:60836 URL:http://secunia.com/advisories/60836 SUSE:SUSE-SU-2014:0246 URL:http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html SUSE:SUSE-SU-2014:0266 URL:http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html SUSE:SUSE-SU-2014:0451 URL:http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html SUSE:openSUSE-SU-2014:0174 URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html SUSE:openSUSE-SU-2014:0177 URL:http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html SUSE:openSUSE-SU-2014:0180 URL:http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html UBUNTU:USN-2089-1 URL:http://www.ubuntu.com/usn/USN-2089-1 UBUNTU:USN-2124-1 URL:http://www.ubuntu.com/usn/USN-2124-1 XF:oracle-cpujan2014-cve20140411(90357) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90357
Assigning CNA
Oracle
Date Record Created
20131212	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20131212)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)