SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
SecurityTracker Alert ID:  1030577
SecurityTracker URL:  http://securitytracker.com/id/1030577
CVE Reference:   CVE-2014-2483, CVE-2014-2490, CVE-2014-4208, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4223, CVE-2014-4227, CVE-2014-4244, CVE-2014-4247, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4265, CVE-2014-4266, CVE-2014-4268
Date:  Jul 15 2014
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0u65, Java SE 6u75, Java SE 7u60, Java SE 8u5; and prior versions
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can gain full control of the target system. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions.

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4227].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4219].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-2490].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4216].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4247].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-2483].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4223].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4262].

A remote user can exploit a flaw in the Java SE component to partially access and partially modify data [CVE-2014-4209].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-4265].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-4220].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-4218].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-4252].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-4266].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-4268].

A remote user can exploit a flaw in the Java SE component to cause partial denial of service conditions [CVE-2014-4264].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-4221].

A remote user can exploit a flaw in the Java SE and JRockit components to partially access and partially modify data [CVE-2014-4244].

A remote user can exploit a flaw in the Java SE and JRockit components to partially access and partially modify data [CVE-2014-4263].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-4208].

The following researchers reported these and other Oracle vulnerabilities:

Alon Friedman; Andrea Micalizzi aka rgod, working with HP's Zero Day Initiative; Borked of the Google Security Team; CERT/CC; Cihan Oncu; David Litchfield of Datacom TSS; Florian Weimer of Red Hat; Ilja van Sprundel of ioactive.com; Jeroen Frijters; John Leitch working with HP's Zero Day Initiative; Larry W. Cashdollar; Matt Bergin of KoreLogic Disclosures; Michael Miller of Integrigy; Peter Kamensky of ERPScan (Digital Security Research Group); Rafal Wojtczuk of Bromium; Rohan Stelling of BAE Systems Detica; Sayan Malakshinov of PSBank; Serguei Mourachov; Toby Clarke of Gotham Digital Science; and Yash Kadakia of Security Brigade.

Impact:   A remote user can gain full control of the target system.

A remote user can access and modify data on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - July 2014.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 16 2014 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 6 and 7.
Jul 17 2014 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 5.
Jul 18 2014 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
Red Hat has issued a fix for java-1.7.0-oracle for Red Hat Enterprise Linux 5, 6, and 7.
Jul 21 2014 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 5, 6, and 7.
Aug 7 2014 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
Red Hat has issued a fix for java-1.6.0-ibm for Red Hat Enterprise Linux 5 and 6.
Aug 8 2014 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
Red Hat has issued a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 5 and 6.


