CVE-2014-1876 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Affected Products (NVD)

Vendor	Product	Version
oracle	openjdk	1.6.0
oracle	openjdk	1.7.0
oracle	openjdk	1.8.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

lucid	Fixed 6b31-1.13.3-1ubuntu1~0.10.04.1 released
precise	Fixed 6b31-1.13.3-1ubuntu1~0.12.04.2 released
quantal	Fixed 6b31-1.13.3-1ubuntu1~0.12.10.1 released
saucy	Fixed 6b31-1.13.3-1ubuntu1~0.13.10.1 released
trusty	dne

openjdk-7

lucid	dne
precise	Fixed 7u55-2.4.7-1ubuntu1~0.12.04.2 released
quantal	Fixed 7u55-2.4.7-1ubuntu1~0.12.10.1 released
saucy	Fixed 7u55-2.4.7-1ubuntu1~0.13.10.1 released
trusty	Fixed 7u55-2.4.7-1ubuntu1 released

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://marc.info/?l=bugtraq&m=140852974709252&w=2

http://osvdb.org/102808

http://rhn.redhat.com/errata/RHSA-2014-0675.html

http://rhn.redhat.com/errata/RHSA-2014-0685.html

http://seclists.org/oss-sec/2014/q1/242

http://seclists.org/oss-sec/2014/q1/285

http://secunia.com/advisories/58415

http://secunia.com/advisories/59058

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www-01.ibm.com/support/docview.wss?uid=swg21672080

http://www-01.ibm.com/support/docview.wss?uid=swg21676746

http://www-01.ibm.com/support/docview.wss?uid=swg21679713

http://www.debian.org/security/2014/dsa-2912

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

http://www.securityfocus.com/bid/65568

http://www.ubuntu.com/usn/USN-2187-1

http://www.ubuntu.com/usn/USN-2191-1

https://access.redhat.com/errata/RHSA-2014:0413

https://access.redhat.com/errata/RHSA-2014:0414

https://bugzilla.redhat.com/show_bug.cgi?id=1060907

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562

http://marc.info/?l=bugtraq&m=140852886808946&w=2

http://marc.info/?l=bugtraq&m=140852974709252&w=2

http://osvdb.org/102808

http://rhn.redhat.com/errata/RHSA-2014-0675.html

http://rhn.redhat.com/errata/RHSA-2014-0685.html

http://seclists.org/oss-sec/2014/q1/242

http://seclists.org/oss-sec/2014/q1/285

http://secunia.com/advisories/58415

http://secunia.com/advisories/59058

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www-01.ibm.com/support/docview.wss?uid=swg21672080

http://www-01.ibm.com/support/docview.wss?uid=swg21676746

http://www-01.ibm.com/support/docview.wss?uid=swg21679713

http://www.debian.org/security/2014/dsa-2912

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

http://www.securityfocus.com/bid/65568

http://www.ubuntu.com/usn/USN-2187-1

http://www.ubuntu.com/usn/USN-2191-1

https://access.redhat.com/errata/RHSA-2014:0413

https://access.redhat.com/errata/RHSA-2014:0414

https://bugzilla.redhat.com/show_bug.cgi?id=1060907