First published: Fri Nov 14 2014
A vulnerability was found in the Java Certificate Management System (CMS) keystore provider that could potentially allow an attacker to recover the private key from CMS keystores via a brute-force attack.
External References:
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2014
http://www-01.ibm.com/support/docview.wss?uid=swg21680334
http://xforce.iss.net/xforce/xfdb/93756
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM JDK | =5.0.0.0 | |
IBM JDK | =5.0.11.0 | |
IBM JDK | =5.0.11.1 | |
IBM JDK | =5.0.11.2 | |
IBM JDK | =5.0.12.0 | |
IBM JDK | =5.0.12.1 | |
IBM JDK | =5.0.12.2 | |
IBM JDK | =5.0.12.3 | |
IBM JDK | =5.0.12.4 | |
IBM JDK | =5.0.12.5 | |
IBM JDK | =5.0.13.0 | |
IBM JDK | =5.0.14.0 | |
IBM JDK | =5.0.15.0 | |
IBM JDK | =5.0.16.0 | |
IBM JDK | =5.0.16.1 | |
IBM JDK | =5.0.16.2 | |
IBM JDK | =5.0.16.3 | |
IBM JDK | =6.0.0.0 | |
IBM JDK | =6.0.1.0 | |
IBM JDK | =6.0.2.0 | |
IBM JDK | =6.0.3.0 | |
IBM JDK | =6.0.4.0 | |
IBM JDK | =6.0.5.0 | |
IBM JDK | =6.0.6.0 | |
IBM JDK | =6.0.7.0 | |
IBM JDK | =6.0.8.0 | |
IBM JDK | =6.0.8.1 | |
IBM JDK | =6.0.9.0 | |
IBM JDK | =6.0.9.1 | |
IBM JDK | =6.0.9.2 | |
IBM JDK | =6.0.10.0 | |
IBM JDK | =6.0.10.1 | |
IBM JDK | =6.0.11.0 | |
IBM JDK | =6.0.12.0 | |
IBM JDK | =6.0.13.0 | |
IBM JDK | =6.0.13.1 | |
IBM JDK | =6.0.13.2 | |
IBM JDK | =6.0.14.0 | |
IBM JDK | =7.0.0.0 | |
IBM JDK | =7.0.1.0 | |
IBM JDK | =7.0.2.0 | |
IBM JDK | =7.0.3.0 | |
IBM JDK | =7.0.4.0 | |
IBM JDK | =7.0.4.1 | |
IBM JDK | =7.0.4.2 | |
IBM JDK | =7.0.5.0 | |
CVE-2014-3068 is considered a high-severity vulnerability due to its potential to expose private keys through a brute-force attack.
To fix CVE-2014-3068, upgrade to a patched version of IBM JDK, which addresses the vulnerability.
CVE-2014-3068 affects multiple versions of IBM JDK, including versions 5.0 through 7.0.5.0.
Yes, CVE-2014-3068 can significantly impact application security by allowing attackers to recover sensitive private keys.
Yes, CVE-2014-3068 is a Java security vulnerability specifically linked to the Java Certificate Management System keystore provider.