Vulnerability Details : CVE-2014-6593
Public exploit exists!
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Products affected by CVE-2014-6593
- cpe:2.3:a:oracle:jrockit:r28.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r27.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update71:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update85:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update75:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update85:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update75:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update71:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update6:*:*:*:*:*:*
Threat overview for CVE-2014-6593
Top countries where our scanners detected CVE-2014-6593
Top open port discovered on systems with this issue: 90
IPs affected by CVE-2014-6593: 1,488
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-6593
EPSS score: 69.76% (probability of exploitation activity in the next 30 days)
Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2014-6593
- Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
  Disclosure Date: 2015-01-20
  First seen: 2020-04-26
  auxiliary/server/jsse_skiptls_mitm_proxy
  This module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a
CVSS scores for CVE-2014-6593
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N | 4.9 | 4.9 | NIST | |
References for CVE-2014-6593
- http://packetstormsecurity.com/files/134251/Java-Secure-Socket-Extension-JSSE-SKIP-TLS.html
  Java Secure Socket Extension (JSSE) SKIP-TLS ≈ Packet Storm
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
  [security-announce] SUSE-SU-2015:0503-1: important: Security update for
- https://security.gentoo.org/glsa/201507-14
  Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201507-14) — Gentoo security
- http://rhn.redhat.com/errata/RHSA-2015-0136.html
  RHSA-2015:0136 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-2487-1
  USN-2487-1: OpenJDK 7 vulnerabilities | Ubuntu security notices
- https://kc.mcafee.com/corporate/index?page=content&id=SB10104
- https://www.exploit-db.com/exploits/38641/
  JSSE - SKIP-TLS - Multiple webapps Exploit
- http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
- http://rhn.redhat.com/errata/RHSA-2015-0079.html
  RHSA-2015:0079 - Security Advisory - Red Hat Customer Portal
- http://marc.info/?l=bugtraq&m=142607790919348&w=2
  '[security bulletin] HPSBUX03281 SSRT101968 rev.1 - HP-UX running Java7, Remote Unauthorized Access, ' - MARC
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
  RHSA-2015:0264 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201603-14
  IcedTea: Multiple vulnerabilities (GLSA 201603-14) — Gentoo security
- http://rhn.redhat.com/errata/RHSA-2015-0085.html
  RHSA-2015:0085 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2015/dsa-3147
  Debian -- Security Information -- DSA-3147-1 openjdk-6
- http://marc.info/?l=bugtraq&m=142496355704097&w=2
  '[security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, ' - MARC
- http://www.ubuntu.com/usn/USN-2486-1
  USN-2486-1: OpenJDK 6 vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
  [security-announce] openSUSE-SU-2015:0190-1: important: Security update
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
  Oracle Critical Patch Update - January 2015 (Patch; Vendor Advisory)
- http://www.securitytracker.com/id/1031580
  Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data - SecurityTracker
- http://rhn.redhat.com/errata/RHSA-2015-0086.html
  RHSA-2015:0086 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2015/dsa-3144
  Debian -- Security Information -- DSA-3144-1 openjdk-7
- http://rhn.redhat.com/errata/RHSA-2015-0080.html
  RHSA-2015:0080 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/72169
  Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability
- https://www-304.ibm.com/support/docview.wss?uid=swg21695474
  IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
- http://www.vmware.com/security/advisories/VMSA-2015-0003.html
  VMSA-2015-0003.14
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
  [security-announce] SUSE-SU-2015:0336-1: important: Security update for
- http://rhn.redhat.com/errata/RHSA-2015-0068.html
  RHSA-2015:0068 - Security Advisory - Red Hat Customer Portal