Vulnerability details: VCID-jj88-ybwu-aaag
Vulnerability ID VCID-jj88-ybwu-aaag
Aliases CVE-2014-6593
Summary Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6593.html
rhas Critical https://access.redhat.com/errata/RHSA-2015:0067
rhas Important https://access.redhat.com/errata/RHSA-2015:0068
rhas Important https://access.redhat.com/errata/RHSA-2015:0069
rhas Critical https://access.redhat.com/errata/RHSA-2015:0079
rhas Critical https://access.redhat.com/errata/RHSA-2015:0080
rhas Important https://access.redhat.com/errata/RHSA-2015:0085
rhas Important https://access.redhat.com/errata/RHSA-2015:0086
rhas Critical https://access.redhat.com/errata/RHSA-2015:0133
rhas Critical https://access.redhat.com/errata/RHSA-2015:0134
rhas Critical https://access.redhat.com/errata/RHSA-2015:0135
rhas Important https://access.redhat.com/errata/RHSA-2015:0136
rhas Low https://access.redhat.com/errata/RHSA-2015:0263
rhas Low https://access.redhat.com/errata/RHSA-2015:0264
epss 0.53174 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
epss 0.55222 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
epss 0.56557 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
epss 0.57714 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
epss 0.5934 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
epss 0.60912 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
epss 0.69755 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1183049
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2014-6593
generic_textual Medium https://ubuntu.com/security/notices/USN-2486-1
generic_textual Medium https://ubuntu.com/security/notices/USN-2487-1
cvssv3.1 5.3 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Reference id Reference type URL
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142607790919348&w=2
http://packetstormsecurity.com/files/134251/Java-Secure-Socket-Extension-JSSE-SKIP-TLS.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6593.html
http://rhn.redhat.com/errata/RHSA-2015-0068.html
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://rhn.redhat.com/errata/RHSA-2015-0085.html
http://rhn.redhat.com/errata/RHSA-2015-0086.html
http://rhn.redhat.com/errata/RHSA-2015-0136.html
http://rhn.redhat.com/errata/RHSA-2015-0264.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6593.json
https://api.first.org/data/v1/epss?cve=CVE-2014-6593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
https://kc.mcafee.com/corporate/index?page=content&id=SB10104
https://security.gentoo.org/glsa/201507-14
https://security.gentoo.org/glsa/201603-14
https://ubuntu.com/security/notices/USN-2486-1
https://ubuntu.com/security/notices/USN-2487-1
https://www-304.ibm.com/support/docview.wss?uid=swg21695474
https://www.exploit-db.com/exploits/38641/
http://www.debian.org/security/2015/dsa-3144
http://www.debian.org/security/2015/dsa-3147
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/72169
http://www.securitytracker.com/id/1031580
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
1183049 https://bugzilla.redhat.com/show_bug.cgi?id=1183049
cpe:2.3:a:oracle:jdk:1.5.0:update75:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.5.0:update75:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update85:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update85:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update71:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update71:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update75:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.5.0:update75:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update85:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update85:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update71:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update71:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r27.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jrockit:r27.8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jrockit:r28.3.4:*:*:*:*:*:*:*
CVE-2014-6593 https://nvd.nist.gov/vuln/detail/CVE-2014-6593
CVE-2014-6593;OSVDB-117238 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/38641.rb
RHSA-2015:0067 https://access.redhat.com/errata/RHSA-2015:0067
RHSA-2015:0068 https://access.redhat.com/errata/RHSA-2015:0068
RHSA-2015:0069 https://access.redhat.com/errata/RHSA-2015:0069
RHSA-2015:0079 https://access.redhat.com/errata/RHSA-2015:0079
RHSA-2015:0080 https://access.redhat.com/errata/RHSA-2015:0080
RHSA-2015:0085 https://access.redhat.com/errata/RHSA-2015:0085
RHSA-2015:0086 https://access.redhat.com/errata/RHSA-2015:0086
RHSA-2015:0133 https://access.redhat.com/errata/RHSA-2015:0133
RHSA-2015:0134 https://access.redhat.com/errata/RHSA-2015:0134
RHSA-2015:0135 https://access.redhat.com/errata/RHSA-2015:0135
RHSA-2015:0136 https://access.redhat.com/errata/RHSA-2015:0136
RHSA-2015:0263 https://access.redhat.com/errata/RHSA-2015:0263
RHSA-2015:0264 https://access.redhat.com/errata/RHSA-2015:0264
USN-2486-1 https://usn.ubuntu.com/2486-1/
USN-2487-1 https://usn.ubuntu.com/2487-1/
Data source Exploit-DB
Date added Nov. 5, 2015
Description JSSE - SKIP-TLS
Ransomware campaign use Unknown
Source publication date Nov. 5, 2015
Exploit type webapps
Platform multiple
Source update date Nov. 5, 2015
Data source Metasploit
Description This module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS session with the client. This plaintext SSL/TLS session is then proxied to the server using a second SSL/TLS session from the proxy to the server (or an alternate fake server) allowing the session to continue normally and plaintext application data transmitted between the peers to be saved. This module requires an active man-in-the-middle attack.
Ransomware campaign use Unknown
Source publication date Jan. 20, 2015
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-6593
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.97737
EPSS Score 0.53174
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.