FKIE_CVE-2014-0423

Vulnerability from fkie_nvd - Published: 2014-01-15 16:08 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.
References
secalert_us@oracle.comhttp://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
secalert_us@oracle.comhttp://marc.info/?l=bugtraq&m=139402697611681&w=2
secalert_us@oracle.comhttp://marc.info/?l=bugtraq&m=139402749111889&w=2
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0026.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0027.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0030.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0097.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0134.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0135.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2014-0136.html
secalert_us@oracle.comhttp://secunia.com/advisories/56432
secalert_us@oracle.comhttp://secunia.com/advisories/56485
secalert_us@oracle.comhttp://secunia.com/advisories/56486
secalert_us@oracle.comhttp://secunia.com/advisories/56487
secalert_us@oracle.comhttp://secunia.com/advisories/56535
secalert_us@oracle.comhttp://secunia.com/advisories/59283
secalert_us@oracle.comhttp://secunia.com/advisories/60568
secalert_us@oracle.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21677388
secalert_us@oracle.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21679287
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlVendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/64758
secalert_us@oracle.comhttp://www.securityfocus.com/bid/64914
secalert_us@oracle.comhttp://www.securitytracker.com/id/1029608
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-2089-1
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-2124-1
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2014:0414
secalert_us@oracle.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1053066
secalert_us@oracle.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90340
secalert_us@oracle.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
af854a3a-2127-422b-91ae-364da2661108http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=139402697611681&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=139402749111889&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0026.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0027.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0030.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0097.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0134.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0135.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0136.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56432
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56485
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56486
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56487
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56535
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59283
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60568
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21677388
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21679287
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64758
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64914
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029608
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2089-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2124-1
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2014:0414
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1053066
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90340
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
Impacted products
Vendor Product Version
oracle jrockit r27.7.7
oracle jrockit r28.2.9
oracle jre 1.7.0
oracle jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jre 1.5.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r27.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A52105-35B8-4D16-88BE-D6F81BC7B0DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9394F13-201D-42BD-8B48-E4F9FEE41477",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*",
              "matchCriteriaId": "A5226952-1972-4572-9F8C-C90D89040FD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update65:*:*:*:*:*:*",
              "matchCriteriaId": "105B15BC-6764-41C3-847D-BA1396CC034F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update65:*:*:*:*:*:*",
              "matchCriteriaId": "BBCFEADF-7282-4C56-813B-A5DEAD9BF17B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.5.0:update55:*:*:*:*:*:*",
              "matchCriteriaId": "3A3360E8-7FF0-41CF-A84A-06D498A97C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.5.0:update55:*:*:*:*:*:*",
              "matchCriteriaId": "F831C70D-2CD9-4579-9DED-D1BE6701965E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Oracle Java SE 50.u55, 6u65 y 7u45; JRockit R27.7.7 y R28.2.9; y Java SE Embedded 7u45 permite a usuarios remotos autenticados afectar la confidencialidad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con Beans."
    }
  ],
  "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\n\n\"Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\"",
  "id": "CVE-2014-0423",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-15T16:08:10.267",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139402697611681\u0026w=2"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139402749111889\u0026w=2"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/56432"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/56485"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/56486"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/56487"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/56535"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/59283"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/60568"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677388"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679287"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/64758"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/64914"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id/1029608"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.ubuntu.com/usn/USN-2124-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053066"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90340"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139402697611681\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139402749111889\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2124-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.