CVE-2014-2483
First published: Tue Jul 15 2014(Updated: )
It was discovered that the Libraries component did not properly restrict the use of privileged annotations. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian | =7.0 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update60 | |
| Oracle JRE | =1.7.0-update60 | |
| OpenJDK 8 | =1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119626
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60812
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68608
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
Frequently Asked Questions
What is the severity of CVE-2014-2483?
CVE-2014-2483 has been classified with a high severity level due to the potential for exploitation to bypass Java sandbox restrictions.
How do I fix CVE-2014-2483?
To fix CVE-2014-2483, you should update your Java environment to the latest version provided by Oracle.
What types of software are affected by CVE-2014-2483?
CVE-2014-2483 affects multiple versions of Oracle Java SE, Red Hat Enterprise Linux, and Debian Linux.
Can untrusted applications exploit CVE-2014-2483?
Yes, untrusted Java applications or applets can exploit CVE-2014-2483 to potentially bypass Java sandbox restrictions.
What components are involved in CVE-2014-2483?
CVE-2014-2483 involves the Libraries component of Java SE that does not properly restrict the use of privileged annotations.
- agent/type
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2483
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian
- version/debian/7.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/oracle
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.7.0-update60
- canonical/oracle jre
- version/oracle jre/1.7.0-update60
- canonical/openjdk 8
- version/openjdk 8/1.7.0