National Vulnerability Database

CVE-2014-0411 Detail

Description

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.

Source: MITRE
Last Modified: 01/15/2014

Quick Info

CVE Dictionary Entry: CVE-2014-0411
Original release date: 01/15/2014
Last revised: 01/04/2018
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.0 MEDIUM
Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Impact Subscore: 4.9
Exploitability Subscore: 4.9
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification

References to Advisories, Solutions, and Tools


Hyperlink Resource Type Source Name
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc External Source CONFIRM http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html External Source SUSE SUSE-SU-2014:0246
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html External Source SUSE SUSE-SU-2014:0266
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html External Source SUSE SUSE-SU-2014:0451
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html External Source SUSE openSUSE-SU-2014:0174
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html External Source SUSE openSUSE-SU-2014:0177
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html External Source SUSE openSUSE-SU-2014:0180
http://marc.info/?l=bugtraq&m=139402697611681&w=2 External Source HP SSRT101454
http://marc.info/?l=bugtraq&m=139402749111889&w=2 External Source HP HPSBUX02973
http://rhn.redhat.com/errata/RHSA-2014-0026.html External Source REDHAT RHSA-2014:0026
http://rhn.redhat.com/errata/RHSA-2014-0027.html External Source REDHAT RHSA-2014:0027
http://rhn.redhat.com/errata/RHSA-2014-0030.html External Source REDHAT RHSA-2014:0030
http://rhn.redhat.com/errata/RHSA-2014-0097.html External Source REDHAT RHSA-2014:0097
http://rhn.redhat.com/errata/RHSA-2014-0134.html External Source REDHAT RHSA-2014:0134
http://rhn.redhat.com/errata/RHSA-2014-0135.html External Source REDHAT RHSA-2014:0135
http://rhn.redhat.com/errata/RHSA-2014-0136.html External Source REDHAT RHSA-2014:0136
http://secunia.com/advisories/59194 External Source SECUNIA 59194
http://secunia.com/advisories/59235 External Source SECUNIA 59235
http://secunia.com/advisories/59283 External Source SECUNIA 59283
http://secunia.com/advisories/59324 External Source SECUNIA 59324
http://secunia.com/advisories/59339 External Source SECUNIA 59339
http://secunia.com/advisories/59705 External Source SECUNIA 59705
http://secunia.com/advisories/60833 External Source SECUNIA 60833
http://secunia.com/advisories/60835 External Source SECUNIA 60835
http://secunia.com/advisories/60836 External Source SECUNIA 60836
http://www.ibm.com/support/docview.wss?uid=ssg1S1004745 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=ssg1S1004745
http://www.ibm.com/support/docview.wss?uid=swg21672078 External Source CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21672078
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html Vendor Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758 External Source BID 64758
http://www.securityfocus.com/bid/64918 External Source BID 64918
http://www.securitytracker.com/id/1029608 External Source SECTRACK 1029608
http://www.ubuntu.com/usn/USN-2089-1 External Source UBUNTU USN-2089-1
http://www.ubuntu.com/usn/USN-2124-1 External Source UBUNTU USN-2124-1
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004656 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004656
http://www-01.ibm.com/support/docview.wss?uid=swg21669519 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21669519
http://www-01.ibm.com/support/docview.wss?uid=swg21675938 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21675938
http://www-01.ibm.com/support/docview.wss?uid=swg21676190 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676190
http://www-01.ibm.com/support/docview.wss?uid=swg21676373 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676373
http://www-01.ibm.com/support/docview.wss?uid=swg21676978 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676978
http://www-01.ibm.com/support/docview.wss?uid=swg21677388 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677388
http://www-01.ibm.com/support/docview.wss?uid=swg21680234 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21680234
http://www-01.ibm.com/support/docview.wss?uid=swg21680387 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21680387
http://www-01.ibm.com/support/docview.wss?uid=swg21682668 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682668
http://www-01.ibm.com/support/docview.wss?uid=swg21682669 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682669
http://www-01.ibm.com/support/docview.wss?uid=swg21682670 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682670
http://www-01.ibm.com/support/docview.wss?uid=swg21682671 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682671
http://www-01.ibm.com/support/docview.wss?uid=swg21682904 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682904
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132 External Source CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132
https://access.redhat.com/errata/RHSA-2014:0414 External Source REDHAT RHSA-2014:0414
https://bugzilla.redhat.com/show_bug.cgi?id=1053010 External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1053010
https://exchange.xforce.ibmcloud.com/vulnerabilities/90357 External Source XF oracle-cpujan2014-cve20140411(90357)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
https://www.ibm.com/support/docview.wss?uid=swg21675223 External Source CONFIRM https://www.ibm.com/support/docview.wss?uid=swg21675223
https://www.ibm.com/support/docview.wss?uid=swg21677913 External Source CONFIRM https://www.ibm.com/support/docview.wss?uid=swg21677913

Technical Details

Vulnerability Type

Change History: 6 change records found