CVE-2014-0454
First published: Mon Apr 14 2014(Updated: )
It was discovered that the AlgorithmChecker and SignatureAndHashAlgorithm classes did not properly prevent the SIGNATURE_PRIMITIVE_SET set from being modified. An untrusted Java application or applet could possibly use this flaw to alter the content of the SIGNATURE_PRIMITIVE_SET set.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <2.4.7 | 2.4.7 |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 | |
| Ubuntu | =14.04 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update51 | |
| Oracle OpenJDK 1.8.0 | =1.8.0 | |
| Oracle JRE | =1.7.0-update51 | |
| Oracle JRE | =1.8.0 | |
| IBM Forms Viewer | >=4.0.0<4.0.0.3 | |
| IBM Forms Viewer | >=8.0.0<8.0.1.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027222.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0407.html
- https://rhn.redhat.com/errata/RHSA-2014-0406.html
- https://rhn.redhat.com/errata/RHSA-2014-0413.html
- https://rhn.redhat.com/errata/RHSA-2014-0412.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/e1d0f947faa0
- https://rhn.redhat.com/errata/RHSA-2014-0486.html
- https://rhn.redhat.com/errata/RHSA-2014-0675.html
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1087440
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://rhn.redhat.com/errata/RHSA-2014-0675.html
- http://secunia.com/advisories/58974
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/66905
- http://www.ubuntu.com/usn/USN-2187-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://www.ibm.com/support/docview.wss?uid=swg21675973
Frequently Asked Questions
What is the severity of CVE-2014-0454?
CVE-2014-0454 is classified as a critical vulnerability due to its potential impact on the integrity of cryptographic processes.
How do I fix CVE-2014-0454?
To remediate CVE-2014-0454, upgrade to the affected software versions specified in the security advisories, such as IcedTea 2.4.7 or Oracle JDK 1.7.0-update51.
What software is affected by CVE-2014-0454?
CVE-2014-0454 affects various versions of IcedTea, Oracle JDK, Oracle JRE, and IBM Forms Viewer on specific operating systems.
Can CVE-2014-0454 affect my Java applications?
Yes, if your applications use the vulnerable versions of the JDK or JRE, they may be at risk of exploitation due to this vulnerability.
Is my operating system affected by CVE-2014-0454?
CVE-2014-0454 can affect operating systems running vulnerable versions of Java, such as Ubuntu 12.10, 13.10, and 14.04.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0454
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.10
- version/ubuntu/13.10
- version/ubuntu/14.04
- vendor/oracle
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.7.0-update51
- version/oracle openjdk 1.8.0/1.8.0
- canonical/oracle jre
- version/oracle jre/1.7.0-update51
- version/oracle jre/1.8.0
- vendor/ibm
- canonical/ibm forms viewer
- version/ibm forms viewer/4.0.0
- version/ibm forms viewer/8.0.0
- vendor/microsoft
- canonical/microsoft windows