Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2014-0423

Disclosure Date: January 15, 2014 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

oracle

Products

References

Canonical

CVE-2014-0423 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423)

BID-64914 (http://www.securityfocus.com/bid/64914)

BID-64758 (http://www.securityfocus.com/bid/64758)

Advisory

SECUNIA-56432 (http://secunia.com/advisories/56432)

XF-oracle-cpujan2014-cve20140423(90340) (https://exchange.xforce.ibmcloud.com/vulnerabilities/90340)

https://access.redhat.com/errata/RHSA-2014:0414

http://rhn.redhat.com/errata/RHSA-2014-0136.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html

SSRT101455 (http://marc.info?l=bugtraq&m=139402749111889&w=2)

http://rhn.redhat.com/errata/RHSA-2014-0135.html

SECUNIA-56535 (http://secunia.com/advisories/56535)

USN-2089-1 (http://www.ubuntu.com/usn/USN-2089-1)

https://bugzilla.redhat.com/show_bug.cgi?id=1053066

http://rhn.redhat.com/errata/RHSA-2014-0030.html

http://rhn.redhat.com/errata/RHSA-2014-0097.html

SECUNIA-56485 (http://secunia.com/advisories/56485)

SSRT101454 (http://marc.info?l=bugtraq&m=139402697611681&w=2)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

SECUNIA-59283 (http://secunia.com/advisories/59283)

http://rhn.redhat.com/errata/RHSA-2014-0027.html

SECUNIA-56486 (http://secunia.com/advisories/56486)

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html

SECTRACK-1029608 (http://www.securitytracker.com/id/1029608)

USN-2124-1 (http://www.ubuntu.com/usn/USN-2124-1)

SECUNIA-56487 (http://secunia.com/advisories/56487)

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html

http://www-01.ibm.com/support/docview.wss?uid=swg21677388

http://rhn.redhat.com/errata/RHSA-2014-0026.html

http://www-01.ibm.com/support/docview.wss?uid=swg21679287

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html

SECUNIA-60568 (http://secunia.com/advisories/60568)

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://rhn.redhat.com/errata/RHSA-2014-0134.html

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5

http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html

Rapid7

Technical Analysis