CVE-2014-3068

Severity

64%

Complexity

99%

Confidentiality

81%

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).

Overview

Type

IBM Java

First reported 10 years ago

2014-12-02 01:59:00

Last updated 7 years ago

2017-08-29 01:34:00

Affected Software

IBM Java 5.0.0.0

5.0.0.0

IBM Java 5.0.11.0 Service Refresh 11

5.0.11.0

IBM Java 5.0.11.1 Service Refresh 11 (FixPack 1)

5.0.11.1

IBM Java 5.0.11.2 Service Refresh 11 (FixPack 2)

5.0.11.2

IBM Java 5.0.12.0 Service Refresh 12

5.0.12.0

IBM Java 5.0.12.1 Service Refresh 12 (FixPack 1)

5.0.12.1

IBM Java 5.0.12.2 Service Refresh 12 (FixPack 2)

5.0.12.2

IBM Java 5.0.12.3 Service Refresh 12 (FixPack 3)

5.0.12.3

IBM Java 5.0.12.4 Service Refresh 12 (FixPack 4)

5.0.12.4

IBM Java 5.0.12.5 Service Refresh 12 (FixPack 5)

5.0.12.5

IBM Java 5.0.13.0 Service Refresh 13

5.0.13.0

IBM Java 5.0.14.0 Service Refresh 14

5.0.14.0

IBM Java 5.0.15.0 Service Refresh 15

5.0.15.0

IBM Java 5.0.16.0 Service Refresh 16

5.0.16.0

IBM Java 5.0.16.1 Service Refresh 16 (Fix Pack 1)

5.0.16.1

IBM Java 5.0.16.2 Service Refresh 16 (Fix Pack 2)

5.0.16.2

IBM Java 5.0.16.3 Service Refresh 16 (Fix Pack 3)

5.0.16.3

IBM Java 6.0.0.0

6.0.0.0

IBM Java 6.0.1.0 Service Refresh 1

6.0.1.0

IBM Java 6.0.2.0 Service Refresh 2

6.0.2.0

IBM Java 6.0.3.0 Service Refresh 3

6.0.3.0

IBM Java 6.0.4.0 Service Refresh 4

6.0.4.0

IBM Java 6.0.5.0 Service Refresh 5

6.0.5.0

IBM Java 6.0.6.0 Service Refresh 6

6.0.6.0

IBM Java 6.0.7.0 Service Refresh 7

6.0.7.0

IBM Java 6.0.8.0 Service Refresh 8

6.0.8.0

IBM Java 6.0.8.1 Service Refresh 8 (FixPack 1)

6.0.8.1

IBM Java 6.0.9.0 Service Refresh 9

6.0.9.0

IBM Java 6.0.9.1 Service Refresh 9 (FixPack 1)

6.0.9.1

IBM Java 6.0.9.2 Service Refresh 9 (FixPack 2)

6.0.9.2

IBM Java 6.0.10.0 Service Refresh 10

6.0.10.0

IBM Java 6.0.10.1 Service Refresh 10 (FixPack 1)

6.0.10.1

IBM Java 6.0.11.0 Service Refresh 11

6.0.11.0

IBM Java 6.0.12.0 Service Refresh 12

6.0.12.0

IBM Java 6.0.13.0 Service Refresh 13

6.0.13.0

IBM Java 6.0.13.1 Service Refresh 13 (Fix Pack 1)

6.0.13.1

IBM Java 6.0.13.2 Service Refresh 13 (Fix Pack 2)

6.0.13.2

IBM Java 6.0.14.0 Service Refresh 14

6.0.14.0

IBM Java 7.0.0.0

7.0.0.0

IBM Java 7.0.1.0 Service Refresh 1

7.0.1.0

IBM Java 7.0.2.0 Service Refresh 2

7.0.2.0

IBM Java 7.0.3.0 Service Refresh 3

7.0.3.0

IBM Java 7.0.4.0 Service Refresh 4

7.0.4.0

IBM Java 7.0.4.1 Service Refresh 4 (Fix Pack 1)

7.0.4.1

IBM Java 7.0.4.2 Service Refresh 4 (Fix Pack 2)

7.0.4.2

IBM Java 7.0.5.0 Serice Refresh 5

7.0.5.0

References

RHSA-2015:0264

IV66876

Vendor Advisory

IV66894

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21691089

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1164201

ibm-ikeyman-cve20143068-info-disc(93756)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.