CVE-2014-4263 : Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRo

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."

Published 2014-07-17 11:17:11

Updated 2025-04-12 10:46:41

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2014-4263

Oracle » Jrockit » Version: R27.8.2
cpe:2.3:a:oracle:jrockit:r27.8.2:*:*:*:*:*:*:*
Matching versions
Oracle » Jrockit » Version: R28.3.2
cpe:2.3:a:oracle:jrockit:r28.3.2:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update60
cpe:2.3:a:oracle:jdk:1.7.0:update60:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update5
cpe:2.3:a:oracle:jdk:1.8.0:update5:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.5.0 Update Update65
cpe:2.3:a:oracle:jdk:1.5.0:update65:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update75
cpe:2.3:a:oracle:jdk:1.6.0:update75:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update60
cpe:2.3:a:oracle:jre:1.7.0:update60:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.5.0 Update Update65
cpe:2.3:a:oracle:jre:1.5.0:update65:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.6.0 Update Update75
cpe:2.3:a:oracle:jre:1.6.0:update75:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update5
cpe:2.3:a:oracle:jre:1.8.0:update5:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-4263

Top countries where our scanners detected CVE-2014-4263

Top open port discovered on systems with this issue 90

IPs affected by CVE-2014-4263 1,494

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-4263!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-4263

EPSS FAQ

6.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4263

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:N	4.9	4.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2014-4263

http://secunia.com/advisories/61278

Sign in

CVEs referencing this url
http://secunia.com/advisories/60817

Sign in

CVEs referencing this url
http://secunia.com/advisories/60317

Sign in

CVEs referencing this url
http://secunia.com/advisories/60002

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21686383

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://www.securitytracker.com/id/1030577

Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service - SecurityTracker

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2014:0908

RHSA-2014:0908 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2980

Debian -- Security Information -- DSA-2980-1 openjdk-6

CVEs referencing this url
http://secunia.com/advisories/60245

Sign in

CVEs referencing this url
http://secunia.com/advisories/62319

Sign in
http://secunia.com/advisories/59503

Sign in

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/94606

Oracle Java SE and JRockit Security unspecified CVE-2014-4263 Vulnerability Report
http://secunia.com/advisories/60335

Sign in

CVEs referencing this url
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

VMSA-2014-0012.1

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2014:0902

RHSA-2014:0902 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21686824

IBM Security Bulletin: IBM Notes and Domino - Multiple vulnerabilities in IBM Java (Oracle July 2014 Critical Patch Update)

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21680334

IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

CVEs referencing this url
http://marc.info/?l=bugtraq&m=140852886808946&w=2

'[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, ' - MARC

CVEs referencing this url
http://secunia.com/advisories/60890

Sign in

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Oracle Critical Patch Update - July 2014
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/61640

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21688893

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://secunia.com/advisories/60129

Sign in

CVEs referencing this url
http://www.ibm.com/support/docview.wss?uid=swg21681644

IBM notice: The page you requested cannot be displayed
http://www-01.ibm.com/support/docview.wss?uid=swg21683429

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21683338

IBM Security Bulletin: IBM InfoSphere Guardium Database Activity Monitor is affected by: CVE-2014-4263 and CVE-2014-4244

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

[security-announce] SUSE-SU-2015:0344-1: important: Security update for

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201502-12.xml

Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201502-12) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/60031

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21689593

IBM Security Bulletin: AppScan Standard can be affected by vulnerability in the current IBM SDK for Java (CVE-2014-0878, CVE-2014-4244, CVE-2014-4263)

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-0264.html

RHSA-2015:0264 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21686142

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://secunia.com/advisories/59924

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21685178

IBM Security Bulletin: IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events: Multiple security vulnerabilities in IBM JRE (CVE-2014-4244,CVE-2014-4263)

CVEs referencing this url
http://secunia.com/advisories/59680

Sign in

CVEs referencing this url
http://secunia.com/advisories/59985

Sign in

CVEs referencing this url
https://www.ibm.com/support/docview.wss?uid=swg21680418

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU

CVEs referencing this url
http://secunia.com/advisories/60831

Sign in

CVEs referencing this url
http://seclists.org/fulldisclosure/2014/Dec/23

Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/61293

Sign in

CVEs referencing this url
http://secunia.com/advisories/60622

Sign in

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

[security-announce] SUSE-SU-2015:0392-1: important: Security update for

CVEs referencing this url
http://secunia.com/advisories/61264

Sign in

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2987

Debian -- Security Information -- DSA-2987-1 openjdk-7

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21681966

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server and IBM InfoSphere Data Click (CVE-2014-04263, CVE-2014-4244)

CVEs referencing this url
http://secunia.com/advisories/60485

Sign in

CVEs referencing this url
http://secunia.com/advisories/61577

Sign in

CVEs referencing this url
http://secunia.com/advisories/61469

Sign in

CVEs referencing this url
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096529

IBM Systems Director is affected by vulnerability in IBM Java SDK (CVE-2014-4263)
http://secunia.com/advisories/60081

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21683438

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://secunia.com/advisories/60846

Sign in

CVEs referencing this url
http://secunia.com/advisories/60839

Sign in
http://www-01.ibm.com/support/docview.wss?uid=swg21681379

IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Multi-Enterprise Integration Gateway (CVE-2014-4263, CVE-2014-4244)

CVEs referencing this url
http://marc.info/?l=bugtraq&m=140852974709252&w=2

'[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, ' - MARC

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21683484

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://secunia.com/advisories/61294

Sign in

CVEs referencing this url
http://secunia.com/advisories/59987

Sign in

CVEs referencing this url
http://secunia.com/advisories/62314

Sign in

CVEs referencing this url
http://www.securityfocus.com/archive/1/534161/100/0/threaded

SecurityFocus

CVEs referencing this url
http://secunia.com/advisories/60497

Sign in

CVEs referencing this url
http://secunia.com/advisories/60032

Sign in

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

[security-announce] SUSE-SU-2015:0376-1: important: Security update for

CVEs referencing this url
http://www.securityfocus.com/bid/68636

Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21685121

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2014-4244, CVE-2014-4263)

CVEs referencing this url
http://www.ibm.com/support/docview.wss?uid=swg21683518

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://secunia.com/advisories/59986

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21685122

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-4244, CVE-2014-4263)

CVEs referencing this url
http://secunia.com/advisories/58830

Sign in

CVEs referencing this url
http://secunia.com/advisories/59404

Sign in

CVEs referencing this url
http://secunia.com/advisories/61215

Sign in

CVEs referencing this url
http://secunia.com/advisories/60812

Sign in

CVEs referencing this url
http://secunia.com/advisories/61254

Sign in

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10083

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21691089

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21685242

IBM notice: The page you requested cannot be displayed

CVEs referencing this url
http://secunia.com/advisories/60180

Sign in
http://secunia.com/advisories/61846

Sign in

CVEs referencing this url
http://secunia.com/advisories/60326

Sign in

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-4263

Products affected by CVE-2014-4263

Threat overview for CVE-2014-4263

Exploit prediction scoring system (EPSS) score for CVE-2014-4263

CVSS scores for CVE-2014-4263

References for CVE-2014-4263