CVE-2014-6558
Public on 2014-10-15
Modified on 2014-10-16
Description
It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | java-1.6.0-openjdk | 2014-10-16 | ALAS-2014-430 | Fixed |
| Amazon Linux 1 | java-1.7.0-openjdk | 2014-10-16 | ALAS-2014-431 | Fixed |
| Amazon Linux 1 | java-1.8.0-openjdk | 2014-10-16 | ALAS-2014-432 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| NVD | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N |