Vulnerability Name:

CVE-2014-6562 (CCN-97131)

Assigned:2014-10-14
Published:2014-10-14
Updated:2020-09-08
Summary:Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-6562

Source: CONFIRM
Type: UNKNOWN
http://linux.oracle.com/errata/ELSA-2014-1636

Source: CCN
Type: RHSA-2014-1636
Important: java-1.8.0-openjdk security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1636

Source: SECUNIA
Type: UNKNOWN
60416

Source: SECUNIA
Type: UNKNOWN
61609

Source: SECUNIA
Type: UNKNOWN
61928

Source: GENTOO
Type: UNKNOWN
GLSA-201502-12

Source: CCN
Type: Oracle Critical Patch Update Advisory - October 2014
Oracle Critical Patch Update Advisory - October 2014

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: BID
Type: UNKNOWN
70523

Source: CCN
Type: BID-70523
Oracle Java SE CVE-2014-6562 Remote Security Vulnerability

Source: XF
Type: UNKNOWN
oracle-cpuoct2014-cve20146562(97131)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-6562

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:jdk:1.8.0:update20:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.8.0:update_20:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:jdk:1.8.0:update20:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20146562
    V
    		CVE-2014-6562
    2022-09-02
    oval:org.opensuse.security:def:55945
    P
    		Security update for libesmtp (Important)
    2021-09-02
    oval:org.opensuse.security:def:55907
    P
    		Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:56026
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:55182
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:55833
    P
    		Security update for sudo (Important)
    2021-01-27
    oval:org.opensuse.security:def:55348
    P
    		perl-Archive-Zip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27467
    P
    		libnewt0_52 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54502
    P
    		java-1_8_0-openjdk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28040
    P
    		Security update for ctdb (Important)
    2020-12-01
    oval:org.opensuse.security:def:55741
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:27606
    P
    		Security update for curl
    2020-12-01
    oval:org.opensuse.security:def:54525
    P
    		libXrender1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28713
    P
    		Security update for Java OpenJDK
    2020-12-01
    oval:org.opensuse.security:def:27841
    P
    		Security update for mysql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54903
    P
    		libosip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27264
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27943
    P
    		Security update for GraphicsMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27339
    P
    		xterm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:57376
    P
    		Security update for Java OpenJDK
    2020-12-01
    oval:org.opensuse.security:def:27996
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:55633
    P
    		Security update for qemu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27549
    P
    		qemu on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54503
    P
    		kbd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28678
    P
    		Security update for MozillaFirefox, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:27690
    P
    		Security update for xorg-x11-libXrender
    2020-12-01
    oval:org.opensuse.security:def:54665
    P
    		python-pywbem on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27263
    P
    		perl-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27894
    P
    		Security update for struts
    2020-12-01
    oval:org.opensuse.security:def:55076
    P
    		coolkey on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27275
    P
    		pure-ftpd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:57302
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:27982
    P
    		Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important)
    2020-12-01
    oval:org.mitre.oval:def:27962
    V
    		JRE and JDK Vulnerability on HPUX
    2015-06-08
    oval:org.mitre.oval:def:26947
    P
    		RHSA-2014:1636: java-1.8.0-openjdk security update (Important)
    2015-04-13
    oval:org.mitre.oval:def:28277
    P
    		SUSE-SU-2014:1392-1 -- Security update for Java OpenJDK (moderate)
    2015-01-26
    oval:org.mitre.oval:def:27224
    P
    		ELSA-2014-1636 -- java-1.8.0-openjdk security update (important)
    2014-12-15
    oval:org.opensuse.security:def:80010
    P
    		Security update for Java OpenJDK
    2014-10-24
    oval:com.redhat.rhsa:def:20141636
    P
    		RHSA-2014:1636: java-1.8.0-openjdk security update (Important)
    2014-10-15
    BACK
    oracle jdk 1.8.0 update20
    oracle jre 1.8.0 update_20
    oracle jdk 1.8.0 update20
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6