CVE-2014-0411 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-0411

CVE-2014-0411

January 15, 2014

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.

Related Resources (72)

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://rhn.redhat.com/errata/RHSA-2014-0134.html

http://secunia.com/advisories/60836

http://www.securityfocus.com/bid/64758

https://exchange.xforce.ibmcloud.com/vulnerabilities/90357

http://secunia.com/advisories/59705

http://www.ibm.com/support/docview.wss?uid=swg21672078

http://secunia.com/advisories/59324

http://secunia.com/advisories/59235

http://secunia.com/advisories/59194

http://secunia.com/advisories/60835

http://rhn.redhat.com/errata/RHSA-2014-0097.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html

http://www-01.ibm.com/support/docview.wss?uid=swg21682668

http://rhn.redhat.com/errata/RHSA-2014-0030.html

http://www-01.ibm.com/support/docview.wss?uid=swg21676190

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc

https://access.redhat.com/security/cve/CVE-2014-0411

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

http://secunia.com/advisories/56487

http://www.securitytracker.com/id/1029608

https://www.ibm.com/support/docview.wss?uid=swg21675223

http://secunia.com/advisories/59704

http://www-01.ibm.com/support/docview.wss?uid=swg21680387

http://www-01.ibm.com/support/docview.wss?uid=swg21682669

http://rhn.redhat.com/errata/RHSA-2014-0027.html

http://secunia.com/advisories/59071

http://secunia.com/advisories/59665

http://www.ubuntu.com/usn/USN-2089-1

http://www.ibm.com/support/docview.wss?uid=ssg1S1004745

http://www-01.ibm.com/support/docview.wss?uid=swg21676373

http://www-01.ibm.com/support/docview.wss?uid=swg21676978

http://secunia.com/advisories/60005

http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

http://osvdb.org/102028

http://rhn.redhat.com/errata/RHSA-2014-0136.html

http://www-01.ibm.com/support/docview.wss?uid=swg21680234

http://www.securityfocus.com/bid/64918

https://bugzilla.redhat.com/show_bug.cgi?id=1053010

http://www-01.ibm.com/support/docview.wss?uid=swg21669519

http://www-01.ibm.com/support/docview.wss?uid=swg21677388

http://www-01.ibm.com/support/docview.wss?uid=swg21682904

http://rhn.redhat.com/errata/RHSA-2014-0135.html

http://secunia.com/advisories/59082

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html

http://secunia.com/advisories/59251

http://www-01.ibm.com/support/docview.wss?uid=swg21675938

http://secunia.com/advisories/56535

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html

http://marc.info/?l=bugtraq&m=139402749111889&w=2

http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

http://rhn.redhat.com/errata/RHSA-2014-0026.html

http://secunia.com/advisories/59037

http://www-01.ibm.com/support/docview.wss?uid=swg21682671

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004656

http://secunia.com/advisories/56485

https://access.redhat.com/errata/RHSA-2014:0414

http://secunia.com/advisories/59872

http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

http://secunia.com/advisories/59254

http://secunia.com/advisories/56432

https://www.ibm.com/support/docview.wss?uid=swg21677913

http://www-01.ibm.com/support/docview.wss?uid=swg21682670

http://secunia.com/advisories/59283

http://marc.info/?l=bugtraq&m=139402697611681&w=2

http://secunia.com/advisories/60498

http://secunia.com/advisories/56486

http://secunia.com/advisories/57809

http://secunia.com/advisories/59339

http://www.ubuntu.com/usn/USN-2124-1

http://secunia.com/advisories/60833

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

CVSS v2

Base Score:

4

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

EPSS

Base Score:

1.47