It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | java-1.6.0-openjdk | 2014-10-16 22:15 | ALAS-2014-430 |
Amazon Linux 1 | java-1.7.0-openjdk | 2014-10-16 22:16 | ALAS-2014-431 |
Amazon Linux 1 | java-1.8.0-openjdk | 2014-10-16 22:16 | ALAS-2014-432 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N |
NVD | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N |