SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Juniper Junos Space Vendors:   Juniper
(Juniper Issues Fix for Juniper Junos Space) Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
SecurityTracker Alert ID:  1033836
SecurityTracker URL:  http://securitytracker.com/id/1033836
CVE Reference:   CVE-2014-0429, CVE-2014-0453, CVE-2014-0456, CVE-2014-0460   (Links to External Site)
Date:  Oct 16 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 15.1R1
Description:   Multiple vulnerabilities were reported in Oracle Java. A remote user can gain full control of the target system. A remote or local user can cause denial of service conditions. A remote or local user can partially access and modify data on the target system. Juniper Junos Space is affected.

A remote user can exploit a flaw in the Java SE, JRockit, Java SE Embedded component to gain elevated privileges [CVE-2014-0429].

A remote user can exploit a flaw in the Java SE, JRockit, Java SE Embedded component to gain elevated privileges [CVE-2014-0457].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-0456].

A remote user can exploit a flaw in the Java SE, JavaFX, Java SE Embedded component to gain elevated privileges [CVE-2014-2421].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-2410].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-2397].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-0432].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-0455].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-0461].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-0448].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-2428].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-2412].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-0451].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-0458].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-2423].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-0452].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-2414].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-2402].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-0446].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-0454].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data, partially modify data, and partially deny service [CVE-2014-2427].

A remote user can exploit a flaw in the Java SE, JavaFX component to partially access data, partially modify data, and partially deny service [CVE-2014-2422].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access and partially modify data [CVE-2014-2409].

A remote user can exploit a flaw in the Java SE, JRockit, Java SE Embedded component to partially access and partially modify data [CVE-2014-0460].

A remote user can exploit a flaw in the Java SE, JRockit, Java SE Embedded component to cause partial denial of service conditions [CVE-2013-6954].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data [CVE-2013-6629].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data [CVE-2014-0449].

A local user can exploit a flaw in the Java SE, Java SE Embedded component to partially access data [CVE-2014-2403].

A remote user can exploit a flaw in the Java SE, JavaFX, Java SE Embedded component to partially access data [CVE-2014-2401].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-0463].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-0464].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to cause partial denial of service conditions [CVE-2014-0459].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially modify data [CVE-2014-2413].

A remote user can exploit a flaw in the Java SE, JRockit, Java SE Embedded component to partially access and partially modify data [CVE-2014-0453].

A remote authenticated user can exploit a flaw in the Java SE, JavaFX, JRockit, component to partially modify data [CVE-2014-2398].

A local user can exploit a flaw in the Java SE, JRockit, Java SE Embedded component to partially modify data and cause partial denial of service conditions [CVE-2014-1876].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to partially modify data [CVE-2014-2420].

The following researchers reported these and other Oracle vulnerabilities:

Abstergo Industries; Adam Willard of Foreground Security; Adi Ivascu; Amir Sohail; Aniket Singh; Ankit Bharathan; Ateeq Khan; Avik Sarkar; Ben Khlifa Fahmi; Christian Galeone; Deepanker Chawla; Gaurav Mishra; Gopal Bisht; Gurjant Singh Sadhra; James Pearson;
Jerold Camacho; Ketan Sirigiri; Koutrouss Naddara of Kotros Nadara; Mazin Ahmed; Mohamed M. Fouad; Muhammad Talha Khan; Rakesh Singh of Zero Day Guys; Salman Khan; Sebastian Neef of Internetwache PGP; Shahmeer Baloch; Sherin Panikar; Simone Memoli; Sky_BlaCk;
Thamatam Deepak; and Tony Trummer and Tushar Dalvi (for contributions to Oracle's On-Line Presence Security program).

Impact:   A remote user can gain full control of the target system.

A remote or local user can cause denial of service conditions.

A remote or local user can partially access and modify data on the target system.

Solution:   Juniper has issued a fix for CVE-2014-0429, CVE-2014-0453, CVE-2014-0456, and CVE-2014-0460 for Juniper Junos Space (15.1R1).

The Juniper advisory is available at:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 (Links to External Site)
Cause:   Not specified

Message History:   This archive entry is a follow-up to the message listed below.
Apr 16 2014 Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC