CVE-2014-0411
Last modified
CVE-2014-0411 is a vulnerability of currently unknown severity. Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. EPSS estimates a 2.41% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Oracle | Jrockit | r27.7.7 | — |
| Oracle | Jrockit | r28.2.9 | — |
| Oracle | Jre | 1.7.0 | Update45 |
| Oracle | Jdk | 1.5.0 | Update55 |
| Oracle | Jre | 1.5.0 | Update55 |
| Oracle | Jdk | 1.6.0 | Update65 |
| Oracle | Jre | 1.6.0 | Update65 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-0411?
How severe is CVE-2014-0411?
How do I fix CVE-2014-0411?
Are you affected by CVE-2014-0411?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST