CVE-2014-0878

Table of Contents

Impact:
Moderate
Public Date:
2014-05-12
Bugzilla:
1097345: CVE-2014-0878 IBM JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers

The MITRE CVE dictionary describes this issue as:

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

Find out more about CVE-2014-0878 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) RHSA-2014:0509 2014-05-15
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2014:0508 2014-05-15
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2014:0508 2014-05-15
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) RHSA-2014:0509 2014-05-15
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2014:0486 2014-05-13
Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) RHSA-2014:0982 2014-07-29
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) RHSA-2014:0486 2014-05-13
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) RHSA-2014:0705 2014-06-10
Last Modified

CVE description copyright © 2017, The MITRE Corporation