Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ucdc-3fpd-9yhp
Vulnerability ID VCID-ucdc-3fpd-9yhp
Aliases CVE-2014-6593
Summary Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Status Published
Exploitability 0.5
Weighted Severity 0.7
Risk 0.3
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.72836 https://api.first.org/data/v1/epss?cve=CVE-2014-6593
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6593.json
https://api.first.org/data/v1/epss?cve=CVE-2014-6593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
1183049 https://bugzilla.redhat.com/show_bug.cgi?id=1183049
CVE-2014-6593;OSVDB-117238 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/38641.rb
GLSA-201507-14 https://security.gentoo.org/glsa/201507-14
GLSA-201603-14 https://security.gentoo.org/glsa/201603-14
RHSA-2015:0067 https://access.redhat.com/errata/RHSA-2015:0067
RHSA-2015:0068 https://access.redhat.com/errata/RHSA-2015:0068
RHSA-2015:0069 https://access.redhat.com/errata/RHSA-2015:0069
RHSA-2015:0079 https://access.redhat.com/errata/RHSA-2015:0079
RHSA-2015:0080 https://access.redhat.com/errata/RHSA-2015:0080
RHSA-2015:0085 https://access.redhat.com/errata/RHSA-2015:0085
RHSA-2015:0086 https://access.redhat.com/errata/RHSA-2015:0086
RHSA-2015:0133 https://access.redhat.com/errata/RHSA-2015:0133
RHSA-2015:0134 https://access.redhat.com/errata/RHSA-2015:0134
RHSA-2015:0135 https://access.redhat.com/errata/RHSA-2015:0135
RHSA-2015:0136 https://access.redhat.com/errata/RHSA-2015:0136
RHSA-2015:0263 https://access.redhat.com/errata/RHSA-2015:0263
RHSA-2015:0264 https://access.redhat.com/errata/RHSA-2015:0264
Data source Metasploit
Description This module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS session with the client. This plaintext SSL/TLS session is then proxied to the server using a second SSL/TLS session from the proxy to the server (or an alternate fake server) allowing the session to continue normally and plaintext application data transmitted between the peers to be saved. This module requires an active man-in-the-middle attack.
Note 
{}
Ransomware campaign use Unknown
Source publication date Jan. 20, 2015
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb
Data source Exploit-DB
Date added Nov. 5, 2015
Description JSSE - SKIP-TLS
Ransomware campaign use Unknown
Source publication date Nov. 5, 2015
Exploit type webapps
Platform multiple
Source update date Nov. 5, 2015
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98794
EPSS Score 0.72836
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:05:36.670017+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0