NVD

CVE-2014-0411 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 4.0 MEDIUM

Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc	CVE, Oracle
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html	CVE, Oracle
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html	CVE, Oracle
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html	CVE, Oracle
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html	CVE, Oracle
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html	CVE, Oracle
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html	CVE, Oracle
http://marc.info/?l=bugtraq&m=139402697611681&w=2	CVE, Oracle
http://marc.info/?l=bugtraq&m=139402749111889&w=2	CVE, Oracle
http://osvdb.org/102028	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0026.html	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0027.html	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0030.html	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0097.html	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0134.html	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0135.html	CVE, Oracle
http://rhn.redhat.com/errata/RHSA-2014-0136.html	CVE, Oracle
http://secunia.com/advisories/56432	CVE, Oracle
http://secunia.com/advisories/56485	CVE, Oracle
http://secunia.com/advisories/56486	CVE, Oracle
http://secunia.com/advisories/56487	CVE, Oracle
http://secunia.com/advisories/56535	CVE, Oracle
http://secunia.com/advisories/57809	CVE, Oracle
http://secunia.com/advisories/59037	CVE, Oracle
http://secunia.com/advisories/59071	CVE, Oracle
http://secunia.com/advisories/59082	CVE, Oracle
http://secunia.com/advisories/59194	CVE, Oracle
http://secunia.com/advisories/59235	CVE, Oracle
http://secunia.com/advisories/59251	CVE, Oracle
http://secunia.com/advisories/59254	CVE, Oracle
http://secunia.com/advisories/59283	CVE, Oracle
http://secunia.com/advisories/59324	CVE, Oracle
http://secunia.com/advisories/59339	CVE, Oracle
http://secunia.com/advisories/59665	CVE, Oracle
http://secunia.com/advisories/59704	CVE, Oracle
http://secunia.com/advisories/59705	CVE, Oracle
http://secunia.com/advisories/59872	CVE, Oracle
http://secunia.com/advisories/60005	CVE, Oracle
http://secunia.com/advisories/60498	CVE, Oracle
http://secunia.com/advisories/60833	CVE, Oracle
http://secunia.com/advisories/60835	CVE, Oracle
http://secunia.com/advisories/60836	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004656	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21669519	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21675938	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21676190	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21676373	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21676978	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21677388	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21680234	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21680387	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21682668	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21682669	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21682670	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21682671	CVE, Oracle
http://www-01.ibm.com/support/docview.wss?uid=swg21682904	CVE, Oracle
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132	CVE, Oracle
http://www.ibm.com/support/docview.wss?uid=ssg1S1004745	CVE, Oracle
http://www.ibm.com/support/docview.wss?uid=swg21672078	CVE, Oracle
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	CVE, Oracle	Vendor Advisory
http://www.securityfocus.com/bid/64758	CVE, Oracle
http://www.securityfocus.com/bid/64918	CVE, Oracle
http://www.securitytracker.com/id/1029608	CVE, Oracle
http://www.ubuntu.com/usn/USN-2089-1	CVE, Oracle
http://www.ubuntu.com/usn/USN-2124-1	CVE, Oracle
https://access.redhat.com/errata/RHSA-2014:0414	CVE, Oracle
https://bugzilla.redhat.com/show_bug.cgi?id=1053010	CVE, Oracle
https://exchange.xforce.ibmcloud.com/vulnerabilities/90357	CVE, Oracle
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777	CVE, Oracle
https://www.ibm.com/support/docview.wss?uid=swg21675223	CVE, Oracle
https://www.ibm.com/support/docview.wss?uid=swg21677913	CVE, Oracle

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

14 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-0411
NVD Published Date:
01/15/2014
NVD Last Modified:
04/10/2025
Source:
Oracle

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2014-0411 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 9:02:03 PM

CVE Modified by Oracle 5/13/2024 11:07:12 PM

CPE Deprecation Remap by NIST 5/13/2022 10:57:15 AM

CPE Deprecation Remap by NIST 5/13/2022 10:52:47 AM

CPE Deprecation Remap by NIST 5/13/2022 10:49:16 AM

CPE Deprecation Remap by NIST 5/13/2022 10:35:10 AM

CPE Deprecation Remap by NIST 5/13/2022 10:08:46 AM

CPE Deprecation Remap by NIST 9/08/2020 9:00:26 AM

CVE Modified by Oracle 1/04/2018 9:29:46 PM

CVE Modified by Oracle 8/28/2017 9:34:09 PM

CVE Modified by Oracle 1/06/2017 9:59:26 PM

CVE Modified by Oracle 9/26/2016 9:59:37 PM

Modified Analysis by NIST 11/05/2015 11:08:45 AM

Initial CVE Analysis 1/15/2014 11:55:06 PM

Quick Info