National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2014-4219 Detail

Description

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Source:  MITRE      Last Modified:  07/17/2014

Evaluator Description

Per: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."

Quick Info

CVE Dictionary Entry:
CVE-2014-4219
Original release date:
07/17/2014
Last revised:
01/04/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
9.3 HIGH
Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html External Source SUSE SUSE-SU-2015:0344
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html External Source SUSE SUSE-SU-2015:0376
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html External Source SUSE SUSE-SU-2015:0392
http://marc.info/?l=bugtraq&m=140852974709252&w=2 External Source HP SSRT101668
http://rhn.redhat.com/errata/RHSA-2015-0264.html External Source REDHAT RHSA-2015:0264
http://seclists.org/fulldisclosure/2014/Dec/23 External Source FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://secunia.com/advisories/59404 External Source SECUNIA 59404
http://secunia.com/advisories/59680 External Source SECUNIA 59680
http://secunia.com/advisories/59924 External Source SECUNIA 59924
http://secunia.com/advisories/59985 External Source SECUNIA 59985
http://secunia.com/advisories/59986 External Source SECUNIA 59986
http://secunia.com/advisories/59987 External Source SECUNIA 59987
http://secunia.com/advisories/60129 External Source SECUNIA 60129
http://secunia.com/advisories/60485 External Source SECUNIA 60485
http://secunia.com/advisories/60622 External Source SECUNIA 60622
http://secunia.com/advisories/60812 External Source SECUNIA 60812
http://secunia.com/advisories/60817 External Source SECUNIA 60817
http://security.gentoo.org/glsa/glsa-201502-12.xml External Source GENTOO GLSA-201502-12
http://www.debian.org/security/2014/dsa-2980 External Source DEBIAN DSA-2980
http://www.debian.org/security/2014/dsa-2987 External Source DEBIAN DSA-2987
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Vendor Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded External Source BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/bid/68620 External Source BID 68620
http://www.securitytracker.com/id/1030577 External Source SECTRACK 1030577
http://www.vmware.com/security/advisories/VMSA-2014-0012.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www-01.ibm.com/support/docview.wss?uid=swg21680334 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21680334
http://www-01.ibm.com/support/docview.wss?uid=swg21686383 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686383
http://www-01.ibm.com/support/docview.wss?uid=swg21686824 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686824
https://access.redhat.com/errata/RHSA-2014:0902 External Source REDHAT RHSA-2014:0902
https://access.redhat.com/errata/RHSA-2014:0908 External Source REDHAT RHSA-2014:0908
https://exchange.xforce.ibmcloud.com/vulnerabilities/94589 External Source XF oracle-cpujul2014-cve20144219(94589)

Technical Details

Vulnerability Type (View All)

Change History 11 change records found - show changes