Oval Definition:oval:org.mitre.oval:def:22214
Revision Date:2015-03-23Version:7
Title:Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAAS)
Description:Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-0416
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Java Runtime Environment
Definition Synopsis
  • Determine if the version of Java Runtime Environment is less than 1.5.0:update_56
  • Determine if the version of Java Runtime Environment is less than 1.5.0:update_56
  • AND Java SE Runtime Environment 5 is installed
  • OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_66
  • Determine if the version of Java Runtime Environment is less than 1.6.0:update_66
  • AND Java SE Runtime Environment 6 is installed
  • OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_46
  • Determine if the version of Java Runtime Environment is less than 1.7.0:update_46
  • AND Java SE Runtime Environment 7 is installed
  • BACK