CVE-2014-0411 Details

Published: 2014-01-15
Last Modified: 2020-09-08
CVE Author: NIST National Vulnerability Database
CVE Assigner: secalert_us@oracle.com
Summary

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.

Analysis
Common Vulnerability Score System v2.0

Severity: Medium
Base Score: 4/10
Exploit Score: 4.9/10
Access Vector: Network
Access Complexity: High
Authentication: None
Impact Score: 4.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: Partial
Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:N

Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported

CPE                                               Vulnerable  Start  Excluding
cpe:2.3:a:oracle:jrockit:r28.2.9:*:*:*:*:*:*:*    Yes         -      -
cpe:2.3:a:oracle:jrockit:r27.7.7:*:*:*:*:*:*:*    Yes         -      -
cpe:2.3:a:oracle:jre:1.7.0:update_45:*:*:*:*:*:*  Yes         -      -
cpe:2.3:a:oracle:jdk:1.5.0:update_55:*:*:*:*:*:*  Yes         -      -
cpe:2.3:a:oracle:jre:1.5.0:update_55:*:*:*:*:*:*  Yes         -      -
cpe:2.3:a:oracle:jre:1.6.0:update_65:*:*:*:*:*:*  Yes         -      -
cpe:2.3:a:oracle:jdk:1.6.0:update_65:*:*:*:*:*:*  Yes         -      -

References

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc
http://secunia.com/advisories/56487
http://www.securityfocus.com/bid/64918
http://secunia.com/advisories/56432
http://secunia.com/advisories/56485
http://secunia.com/advisories/56535
http://secunia.com/advisories/56486
http://www.securitytracker.com/id/1029608
http://osvdb.org/102028
https://bugzilla.redhat.com/show_bug.cgi?id=1053010
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
http://www.ubuntu.com/usn/USN-2089-1
http://rhn.redhat.com/errata/RHSA-2014-0097.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
http://www.ubuntu.com/usn/USN-2124-1
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
http://rhn.redhat.com/errata/RHSA-2014-0136.html
http://rhn.redhat.com/errata/RHSA-2014-0134.html
http://rhn.redhat.com/errata/RHSA-2014-0027.html
http://rhn.redhat.com/errata/RHSA-2014-0026.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://rhn.redhat.com/errata/RHSA-2014-0135.html
http://rhn.redhat.com/errata/RHSA-2014-0030.html
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
http://secunia.com/advisories/59254
http://secunia.com/advisories/59082
https://www.ibm.com/support/docview.wss?uid=swg21675223
http://www.ibm.com/support/docview.wss?uid=swg21672078
http://secunia.com/advisories/59071
http://secunia.com/advisories/59251
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004656
http://secunia.com/advisories/59704
http://www-01.ibm.com/support/docview.wss?uid=swg21669519
http://secunia.com/advisories/59872
https://www.ibm.com/support/docview.wss?uid=swg21677913
http://www-01.ibm.com/support/docview.wss?uid=swg21675938
http://secunia.com/advisories/59037
http://www.ibm.com/support/docview.wss?uid=ssg1S1004745
http://secunia.com/advisories/57809
http://secunia.com/advisories/59665
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132
http://secunia.com/advisories/60498
http://www-01.ibm.com/support/docview.wss?uid=swg21680234
http://secunia.com/advisories/60005
http://www-01.ibm.com/support/docview.wss?uid=swg21680387
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
http://www-01.ibm.com/support/docview.wss?uid=swg21682904
http://www-01.ibm.com/support/docview.wss?uid=swg21682671
http://www-01.ibm.com/support/docview.wss?uid=swg21682670
http://www-01.ibm.com/support/docview.wss?uid=swg21682669
http://www-01.ibm.com/support/docview.wss?uid=swg21682668
http://www-01.ibm.com/support/docview.wss?uid=swg21677388
http://www-01.ibm.com/support/docview.wss?uid=swg21676978
http://www-01.ibm.com/support/docview.wss?uid=swg21676373
http://www-01.ibm.com/support/docview.wss?uid=swg21676190
http://secunia.com/advisories/60836
http://secunia.com/advisories/60835
http://secunia.com/advisories/60833
http://secunia.com/advisories/59705
http://secunia.com/advisories/59339
http://secunia.com/advisories/59324
http://secunia.com/advisories/59283
http://secunia.com/advisories/59235
http://secunia.com/advisories/59194
https://exchange.xforce.ibmcloud.com/vulnerabilities/90357
https://access.redhat.com/errata/RHSA-2014:0414

PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE Pending
