CVE-2014-2490
Detail
Deferred This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Evaluator Description
Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://marc.info/?l=bugtraq&m=140852886808946&w=2
CVE, Oracle
Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23
CVE, Oracle
Mailing List
Third Party Advisory
http://secunia.com/advisories/60129
CVE, Oracle
http://secunia.com/advisories/60485
CVE, Oracle
http://secunia.com/advisories/60812
CVE, Oracle
http://security.gentoo.org/glsa/glsa-201502-12.xml
CVE, Oracle
Third Party Advisory
http://www.debian.org/security/2014/dsa-2980
CVE, Oracle
Third Party Advisory
http://www.debian.org/security/2014/dsa-2987
CVE, Oracle
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CVE, Oracle
Vendor Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded
CVE, Oracle
http://www.securityfocus.com/bid/68645
CVE, Oracle
http://www.securitytracker.com/id/1030577
CVE, Oracle
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CVE, Oracle
Third Party Advisory
https://access.redhat.com/errata/RHSA-2014:0902
CVE, Oracle
Weakness Enumeration
CWE-ID
CWE Name
Source
NVD-CWE-noinfo
Insufficient Information
NIST
Change History
16 change records found show changes
CVE Modified by CVE 11/20/2024 9:06:24 PM
Action
Type
Old Value
New Value
Added
Reference
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Added
Reference
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Added
Reference
http://seclists.org/fulldisclosure/2014/Dec/23
Added
Reference
http://secunia.com/advisories/60129
Added
Reference
http://secunia.com/advisories/60485
Added
Reference
http://secunia.com/advisories/60812
Added
Reference
http://security.gentoo.org/glsa/glsa-201502-12.xml
Added
Reference
http://www.debian.org/security/2014/dsa-2980
Added
Reference
http://www.debian.org/security/2014/dsa-2987
Added
Reference
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Added
Reference
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Added
Reference
http://www.securityfocus.com/bid/68645
Added
Reference
http://www.securitytracker.com/id/1030577
Added
Reference
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Added
Reference
https://access.redhat.com/errata/RHSA-2014:0902
CVE Modified by Oracle 5/13/2024 11:11:57 PM
Action
Type
Old Value
New Value
CPE Deprecation Remap by NIST 5/13/2022 10:57:15 AM
Action
Type
Old Value
New Value
Changed
CPE Configuration
OR
*cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
OR
*cpe:2.3:a:oracle:jre:1.8.0:update5:*:*:*:*:*:*
CPE Deprecation Remap by NIST 5/13/2022 10:57:15 AM
Action
Type
Old Value
New Value
Changed
CPE Configuration
OR
*cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
OR
*cpe:2.3:a:oracle:jre:1.7.0:update60:*:*:*:*:*:*
CPE Deprecation Remap by NIST 9/08/2020 9:00:34 AM
Action
Type
Old Value
New Value
Changed
CPE Configuration
OR
*cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
OR
*cpe:2.3:a:oracle:jdk:1.7.0:update60:*:*:*:*:*:*
CPE Deprecation Remap by NIST 9/08/2020 8:30:21 AM
Action
Type
Old Value
New Value
Changed
CPE Configuration
OR
*cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
OR
*cpe:2.3:a:oracle:jdk:1.8.0:update5:*:*:*:*:*:*
CVE Modified by Oracle 10/09/2018 3:43:23 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.securityfocus.com/archive/1/534161/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded [VDB Entry]
CVE Modified by Oracle 1/04/2018 9:29:50 PM
Action
Type
Old Value
New Value
Added
Reference
https://access.redhat.com/errata/RHSA-2014:0902 [No Types Assigned]
CVE Modified by Oracle 1/06/2017 9:59:47 PM
Action
Type
Old Value
New Value
Added
Reference
http://secunia.com/advisories/60129 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/60485 [No Types Assigned]
Added
Reference
http://secunia.com/advisories/60812 [No Types Assigned]
Added
Reference
http://www.securityfocus.com/bid/68645 [No Types Assigned]
Added
Reference
http://www.securitytracker.com/id/1030577 [No Types Assigned]
Modified Analysis by NIST 9/06/2016 9:36:23 AM
Action
Type
Old Value
New Value
Changed
CPE Configuration
Configuration 1
OR
*cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
Configuration 2
OR
*cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 1
OR
*cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
*cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
Configuration 2
OR
*cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 3
OR
*cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
Changed
Reference Type
http://marc.info/?l=bugtraq&m=140852886808946&w=2 No Types Assigned
http://marc.info/?l=bugtraq&m=140852886808946&w=2 Third Party Advisory
Changed
Reference Type
http://seclists.org/fulldisclosure/2014/Dec/23 No Types Assigned
http://seclists.org/fulldisclosure/2014/Dec/23 Third Party Advisory, Mailing List
Changed
Reference Type
http://security.gentoo.org/glsa/glsa-201502-12.xml No Types Assigned
http://security.gentoo.org/glsa/glsa-201502-12.xml Third Party Advisory
Changed
Reference Type
http://www.debian.org/security/2014/dsa-2980 No Types Assigned
http://www.debian.org/security/2014/dsa-2980 Third Party Advisory
Changed
Reference Type
http://www.debian.org/security/2014/dsa-2987 No Types Assigned
http://www.debian.org/security/2014/dsa-2987 Third Party Advisory
Changed
Reference Type
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded VDB Entry
Changed
Reference Type
http://www.vmware.com/security/advisories/VMSA-2014-0012.html No Types Assigned
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory
CVE Modified by Oracle 8/22/2016 10:07:43 PM
Action
Type
Old Value
New Value
Added
Reference
http://marc.info/?l=bugtraq&m=140852886808946&w=2
Modified Analysis by NIST 11/23/2015 1:18:36 PM
Action
Type
Old Value
New Value
Changed
CPE Configuration
Configuration 1
OR
*cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
Configuration 1
OR
*cpe:2.3:a:oracle:jdk:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jdk:1.7.0:update_60:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.8.0:update_5:*:*:*:*:*:*
*cpe:2.3:a:oracle:jre:1.7.0:update_60:*:*:*:*:*:*
Configuration 2
OR
*cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVE Modified by Oracle 2/20/2015 9:59:49 PM
Action
Type
Old Value
New Value
Added
Reference
http://security.gentoo.org/glsa/glsa-201502-12.xml
CVE Modified by Oracle 12/11/2014 10:01:19 PM
Action
Type
Old Value
New Value
Added
Reference
http://seclists.org/fulldisclosure/2014/Dec/23
Added
Reference
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded
Added
Reference
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CVE Modified by Oracle 11/13/2014 10:03:18 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.debian.org/security/2014/dsa-2980
Added
Reference
http://www.debian.org/security/2014/dsa-2987
Initial CVE Analysis 7/17/2014 1:53:13 AM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2014-2490 NVD
Published Date: 07/17/2014 NVD
Last Modified: 04/12/2025
Source: Oracle
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
