CVE-2014-2483
First published: Tue Jul 15 2014(Updated: )
It was discovered that the Libraries component did not properly restrict the use of privileged annotations. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =7.0 | |
| Red Hat Enterprise Linux | =5 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Oracle JDK 6 | =1.7.0-update60 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update60 | |
| Oracle OpenJDK | =1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119626
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60812
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68608
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- agent/type
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2483
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update60
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update60
- canonical/oracle openjdk
- version/oracle openjdk/1.7.0