CVE-2014-4264
First published: Tue Jul 15 2014(Updated: )
It was discovered that the Security component did not properly handle data related to TLS and elliptic curves. An unauthenticated remote attacker could exploit this to impact the availability of the Java Virtual Machine.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK 6 | =1.7.0-update60 | |
| Oracle JDK 6 | =1.8.0-update5 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update60 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60326
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60812
- http://secunia.com/advisories/60890
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68612
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94603
- https://kc.mcafee.com/corporate/index?page=content&id=SB10083
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119622
Frequently Asked Questions
What is the severity of CVE-2014-4264?
CVE-2014-4264 has a high severity level as it allows unauthenticated remote attackers to potentially impact the availability of the Java Virtual Machine.
How do I fix CVE-2014-4264?
To fix CVE-2014-4264, you should upgrade to a patched version of Oracle JDK or JRE, specifically versions beyond 1.7.0-update60 and 1.8.0-update5.
Which software is affected by CVE-2014-4264?
CVE-2014-4264 affects Oracle JDK 1.7.0-update60, Oracle JDK 1.8.0-update5, and their corresponding JRE versions.
What types of attacks are possible with CVE-2014-4264?
CVE-2014-4264 can be exploited by remote attackers to disrupt the availability of services running on the affected Java Virtual Machine.
Is CVE-2014-4264 related to TLS and elliptic curves?
Yes, CVE-2014-4264 is related to improper handling of data concerning TLS and elliptic curves within the Oracle Java security component.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4264
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update60
- version/oracle jdk 6/1.8.0-update5
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update60
- version/oracle java runtime environment (jre)/1.8.0-update5