CVE-2014-3068

Impact: Low
Public Date: 2014-11-14
Bugzilla: 1164201: CVE-2014-3068 IBM JDK: Java CMS keystore provider potentially allows brute-force private key recovery

The MITRE CVE dictionary describes this issue as:

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

Find out more about CVE-2014-3068 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 2.4
Base Metrics: AV:L/AC:H/Au:S/C:P/I:P/A:N
Access Vector: Local
Access Complexity: High
Authentication: Single
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                        Errata          Release Date
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm)               RHSA-2015:0264  2015-02-24
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm)               RHSA-2015:0264  2015-02-24
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm)  RHSA-2014:1042  2014-08-11
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm)  RHSA-2014:1036  2014-08-07
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm)       RHSA-2014:1041  2014-08-11
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm)  RHSA-2014:1033  2014-08-07
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm)       RHSA-2014:1036  2014-08-07
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm)  RHSA-2014:1041  2014-08-11
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm)       RHSA-2014:1033  2014-08-07

CVE description copyright © 2017, The MITRE Corporation