What is the severity of CVE-2014-0458?

CVE-2014-0458 has been classified as a high severity vulnerability due to its potential to allow untrusted Java applications to bypass sandbox restrictions.

How do I fix CVE-2014-0458?

To fix CVE-2014-0458, update your Oracle Java SE to the latest version or apply the relevant patches provided by your operating system vendor.

Which versions of Oracle Java are affected by CVE-2014-0458?

CVE-2014-0458 affects Oracle Java SE 6u71, 7u51, and 8, along with Oracle JDK and JRE versions corresponding to these updates.

What systems are impacted by CVE-2014-0458?

CVE-2014-0458 impacts various systems including Oracle Java SE, IcedTea, Ubuntu, and Debian distributions that include affected versions of Java.

Can CVE-2014-0458 lead to arbitrary code execution?

Yes, CVE-2014-0458 has the potential to allow arbitrary code execution if exploited by an untrusted Java application or applet.

Vulnerability/
CVE-2014-0458

high

7.5

14/4/2014

16/4/2014

12/4/2025

CVE-2014-0458

First published: Mon Apr 14 2014(Updated: )

It was discovered that the activation framework did not properly protect the default command map. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/icedtea	<1.13.3	1.13.3
redhat/icedtea	<2.4.7	2.4.7
Ubuntu	=10.04
Ubuntu	=12.04
Ubuntu	=12.10
Ubuntu	=13.10
Ubuntu	=14.04
Oracle Java SE 7	=1.6.0-update71
Oracle Java SE 7	=1.7.0-update51
Oracle Java SE 7	=1.8.0
Oracle JRE	=1.6.0-update71
Oracle JRE	=1.7.0-update51
Oracle JRE	=1.8.0
Debian Linux	=6.0
Debian Linux	=7.0
Debian Linux	=8.0
	=10.04
	=12.04
	=12.10
	=13.10
	=14.04
	=1.6.0-update71
	=1.7.0-update51
	=1.8.0
	=1.6.0-update71
	=1.7.0-update51
	=1.8.0
	=6.0
	=7.0
	=8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0458?
CVE-2014-0458 has been classified as a high severity vulnerability due to its potential to allow untrusted Java applications to bypass sandbox restrictions.
How do I fix CVE-2014-0458?
To fix CVE-2014-0458, update your Oracle Java SE to the latest version or apply the relevant patches provided by your operating system vendor.
Which versions of Oracle Java are affected by CVE-2014-0458?
CVE-2014-0458 affects Oracle Java SE 6u71, 7u51, and 8, along with Oracle JDK and JRE versions corresponding to these updates.
What systems are impacted by CVE-2014-0458?
CVE-2014-0458 impacts various systems including Oracle Java SE, IcedTea, Ubuntu, and Debian distributions that include affected versions of Java.
Can CVE-2014-0458 lead to arbitrary code execution?
Yes, CVE-2014-0458 has the potential to allow arbitrary code execution if exploited by an untrusted Java application or applet.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-0458
agent/software-canonical-lookup
agent/author
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
package-manager/redhat
vendor/canonical
canonical/ubuntu
version/ubuntu/10.04
version/ubuntu/12.04
version/ubuntu/12.10
version/ubuntu/13.10
version/ubuntu/14.04
vendor/oracle
canonical/oracle java se 7
version/oracle java se 7/1.6.0-update71
version/oracle java se 7/1.7.0-update51
version/oracle java se 7/1.8.0
canonical/oracle jre
version/oracle jre/1.6.0-update71
version/oracle jre/1.7.0-update51
version/oracle jre/1.8.0
vendor/debian
canonical/debian linux
version/debian linux/6.0
version/debian linux/7.0
version/debian linux/8.0