Openjdk
CVE-2014-8873
CRITICAL
Severity by source
AV:N/AC:L/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.
AnalysisAI
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0% and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file. Affected products include: Oracle Openjdk.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT styleshee
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown im
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown im
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. Rated high
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today