CVE-2014-6593
CVE-2014-6593
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 67.2%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
20 Jan 2015Metasploit module available
21 Jan 2015Published on NVD
05 Nov 2015Public PoC
Weaponization speed
287 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/134251/Java-Secure-Socket-Extension-JSSE-SKIP-TLS.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38641/unverifiedexploitdbwww.exploit-db.com/exploits/38641unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.htmlhttp://marc.info/?l=bugtraq&m=142496355704097&w=2http://marc.info/?l=bugtraq&m=142607790919348&w=2http://packetstormsecurity.com/files/134251/Java-Secure-Socket-Extension-JSSE-SKIP-TLS.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0068.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0079.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0080.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0085.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0086.html