What are the potential impacts of CVE-2014-2423?

CVE-2014-2423 allows untrusted Java applications or applets to bypass Java sandbox restrictions, potentially compromising security.

How can I mitigate the risk associated with CVE-2014-2423?

To mitigate CVE-2014-2423, users should upgrade to versions of Oracle Java SE that are patched against this vulnerability.

What versions of Oracle Java SE are affected by CVE-2014-2423?

CVE-2014-2423 affects Oracle Java SE versions 6u71, 7u51, and 8, along with Java SE Embedded versions.

Is there a patch available for CVE-2014-2423?

Yes, patches are available for affected Oracle Java SE and related software versions; upgrading to the latest version will resolve this issue.

What should I do if I am using an affected version of Java according to CVE-2014-2423?

If you're using an affected version of Java, it is crucial to update to the recommended versions immediately to prevent exploitation.

Vulnerability/
CVE-2014-2423

high

7.5

14/4/2014

16/4/2014

6/8/2024

CVE-2014-2423

First published: Mon Apr 14 2014(Updated: )

It was discovered that JAXWS incorrectly cached certain data initialized via thread context class loaders. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/icedtea	<1.13.3	1.13.3
redhat/icedtea	<2.4.7	2.4.7
Ubuntu	=10.04
Ubuntu	=12.04
Ubuntu	=12.10
Ubuntu	=13.10
Ubuntu	=14.04
Oracle OpenJDK 1.8.0	=1.6.0-update71
Oracle OpenJDK 1.8.0	=1.7.0-update51
Oracle OpenJDK 1.8.0	=1.8.0
Oracle JRE	=1.6.0-update71
Oracle JRE	=1.7.0-update51
Oracle JRE	=1.8.0
Debian	=6.0
Debian	=7.0
Debian	=8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What are the potential impacts of CVE-2014-2423?
CVE-2014-2423 allows untrusted Java applications or applets to bypass Java sandbox restrictions, potentially compromising security.
How can I mitigate the risk associated with CVE-2014-2423?
To mitigate CVE-2014-2423, users should upgrade to versions of Oracle Java SE that are patched against this vulnerability.
What versions of Oracle Java SE are affected by CVE-2014-2423?
CVE-2014-2423 affects Oracle Java SE versions 6u71, 7u51, and 8, along with Java SE Embedded versions.
Is there a patch available for CVE-2014-2423?
Yes, patches are available for affected Oracle Java SE and related software versions; upgrading to the latest version will resolve this issue.
What should I do if I am using an affected version of Java according to CVE-2014-2423?
If you're using an affected version of Java, it is crucial to update to the recommended versions immediately to prevent exploitation.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-2423
agent/software-canonical-lookup
agent/author
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/canonical
canonical/ubuntu
version/ubuntu/10.04
version/ubuntu/12.04
version/ubuntu/12.10
version/ubuntu/13.10
version/ubuntu/14.04
vendor/oracle
canonical/oracle openjdk 1.8.0
version/oracle openjdk 1.8.0/1.6.0-update71
version/oracle openjdk 1.8.0/1.7.0-update51
version/oracle openjdk 1.8.0/1.8.0
canonical/oracle jre
version/oracle jre/1.6.0-update71
version/oracle jre/1.7.0-update51
version/oracle jre/1.8.0
vendor/debian
canonical/debian
version/debian/6.0
version/debian/7.0
version/debian/8.0