What is the severity of CVE-2014-2403?

The severity of CVE-2014-2403 is classified as high due to its potential to disclose sensitive information.

How do I fix CVE-2014-2403?

To fix CVE-2014-2403, update to the latest version of the affected software such as icedtea 1.13.3 or 2.4.7, or the appropriate Oracle Java version.

What versions of software are affected by CVE-2014-2403?

CVE-2014-2403 affects Oracle Java SE versions 6u71, 7u51, and 1.8.0, as well as specific versions of icedtea and various Debian and Ubuntu distributions.

Can CVE-2014-2403 be exploited remotely?

Yes, CVE-2014-2403 can potentially be exploited remotely by untrusted Java applications or applets.

What are the potential impacts of CVE-2014-2403?

The potential impacts of CVE-2014-2403 include unauthorized access and disclosure of sensitive information on affected systems.

Vulnerability/
CVE-2014-2403

medium

14/4/2014

16/4/2014

12/4/2025

CVE-2014-2403

First published: Mon Apr 14 2014(Updated: )

It was discovered that JAXP the CharInfo object did not properly prevent access to arbitrary files when a SecurityManager is present. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/icedtea	<1.13.3	1.13.3
redhat/icedtea	<2.4.7	2.4.7
Ubuntu	=10.04
Ubuntu	=12.04
Ubuntu	=12.10
Ubuntu	=13.10
Ubuntu	=14.04
Oracle Java SE 7	=1.6.0-update71
Oracle Java SE 7	=1.7.0-update51
Oracle Java SE 7	=1.8.0
Oracle JRE	=1.6.0-update71
Oracle JRE	=1.7.0-update51
Oracle JRE	=1.8.0
Debian Linux	=6.0
Debian Linux	=7.0
Debian Linux	=8.0
	=10.04
	=12.04
	=12.10
	=13.10
	=14.04
	=1.6.0-update71
	=1.7.0-update51
	=1.8.0
	=1.6.0-update71
	=1.7.0-update51
	=1.8.0
	=6.0
	=7.0
	=8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-2403?
The severity of CVE-2014-2403 is classified as high due to its potential to disclose sensitive information.
How do I fix CVE-2014-2403?
To fix CVE-2014-2403, update to the latest version of the affected software such as icedtea 1.13.3 or 2.4.7, or the appropriate Oracle Java version.
What versions of software are affected by CVE-2014-2403?
CVE-2014-2403 affects Oracle Java SE versions 6u71, 7u51, and 1.8.0, as well as specific versions of icedtea and various Debian and Ubuntu distributions.
Can CVE-2014-2403 be exploited remotely?
Yes, CVE-2014-2403 can potentially be exploited remotely by untrusted Java applications or applets.
What are the potential impacts of CVE-2014-2403?
The potential impacts of CVE-2014-2403 include unauthorized access and disclosure of sensitive information on affected systems.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-2403
agent/software-canonical-lookup
agent/references
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
package-manager/redhat
vendor/canonical
canonical/ubuntu
version/ubuntu/10.04
version/ubuntu/12.04
version/ubuntu/12.10
version/ubuntu/13.10
version/ubuntu/14.04
vendor/oracle
canonical/oracle java se 7
version/oracle java se 7/1.6.0-update71
version/oracle java se 7/1.7.0-update51
version/oracle java se 7/1.8.0
canonical/oracle jre
version/oracle jre/1.6.0-update71
version/oracle jre/1.7.0-update51
version/oracle jre/1.8.0
vendor/debian
canonical/debian linux
version/debian linux/6.0
version/debian linux/7.0
version/debian linux/8.0