CVE-2014-0455
First published: Mon Apr 14 2014(Updated: )
It was discovered that MethodHandle did not properly handle variable argument lists when permuting or dropping arguments. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <2.4.7 | 2.4.7 |
| Ubuntu Linux | =12.10 | |
| Ubuntu Linux | =13.10 | |
| Ubuntu Linux | =14.04 | |
| Oracle JDK 6 | =1.7.0-update51 | |
| Oracle JDK 6 | =1.8.0 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update51 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0 | |
| IBM Forms Viewer | >=4.0.0<4.0.0.3 | |
| IBM Forms Viewer | >=8.0.0<8.0.1.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027222.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0407.html
- https://rhn.redhat.com/errata/RHSA-2014-0406.html
- https://rhn.redhat.com/errata/RHSA-2014-0413.html
- https://rhn.redhat.com/errata/RHSA-2014-0412.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/317d55ff8423
- https://rhn.redhat.com/errata/RHSA-2014-0486.html
- https://rhn.redhat.com/errata/RHSA-2014-0675.html
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1087424
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://rhn.redhat.com/errata/RHSA-2014-0675.html
- http://secunia.com/advisories/58974
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/66899
- http://www.ubuntu.com/usn/USN-2187-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://www.ibm.com/support/docview.wss?uid=swg21675973
Frequently Asked Questions
What is the severity of CVE-2014-0455?
CVE-2014-0455 has been classified as a high severity vulnerability.
How does CVE-2014-0455 affect Java applications?
CVE-2014-0455 allows an untrusted Java application to potentially bypass Java sandbox restrictions.
Which software versions are affected by CVE-2014-0455?
CVE-2014-0455 affects Oracle Java SE 7u51, 8, and certain versions of IBM Forms Viewer on different platforms.
How do I fix CVE-2014-0455?
To fix CVE-2014-0455, you should update affected versions of Oracle JDK, JRE, or IcedTea to the latest patched versions.
Is there a patch available for CVE-2014-0455?
Yes, security patches are available for CVE-2014-0455 in the respective updates from Oracle and Red Hat.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0455
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.10
- version/ubuntu linux/13.10
- version/ubuntu linux/14.04
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update51
- version/oracle jdk 6/1.8.0
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update51
- version/oracle java runtime environment (jre)/1.8.0
- vendor/ibm
- canonical/ibm forms viewer
- version/ibm forms viewer/4.0.0
- version/ibm forms viewer/8.0.0
- vendor/microsoft
- canonical/microsoft windows