CVE-2014-0411

Published Jan 15, 2014

Last updated 3 years ago

Overview

Description: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
Source: secalert_us@oracle.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 4.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jrockit:r27.7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51A52105-35B8-4D16-88BE-D6F81BC7B0DC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jrockit:r28.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9394F13-201D-42BD-8B48-E4F9FEE41477"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5226952-1972-4572-9F8C-C90D89040FD3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update55:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A3360E8-7FF0-41CF-A84A-06D498A97C69"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.5.0:update55:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F831C70D-2CD9-4579-9DED-D1BE6701965E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update65:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "105B15BC-6764-41C3-847D-BA1396CC034F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update65:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBCFEADF-7282-4C56-813B-A5DEAD9BF17B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References