CVE-2014-2490
First published: Tue Jul 15 2014(Updated: )
It was discovered that the event logger contains a format string error. An untrusted Java application or applet could possibly use this flaw to cause the Java Virtual Machine to crash, or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HPE HP-UX | =b.11.23 | |
| HPE HP-UX | =b.11.31 | |
| Debian GNU/Linux | =7.0 | |
| Oracle JDK 6 | =1.7.0-update60 | |
| Oracle JDK 6 | =1.8.0-update5 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update60 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028550.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://rhn.redhat.com/errata/RHSA-2014-0907.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119597
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60129
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60812
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www.debian.org/security/2014/dsa-2980
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68645
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
Frequently Asked Questions
What is the severity of CVE-2014-2490?
CVE-2014-2490 has a high severity rating due to the possibility of crashing the Java Virtual Machine or executing arbitrary code.
How do I fix CVE-2014-2490?
To fix CVE-2014-2490, ensure that you update to the latest version of the affected software, including the latest patches provided by the vendor.
Which software is affected by CVE-2014-2490?
CVE-2014-2490 affects specific versions of HP-UX, Debian Linux, and Oracle JDK and JRE.
What kind of impact can CVE-2014-2490 cause?
CVE-2014-2490 can lead to a denial of service or potential unauthorized access due to code execution vulnerabilities.
Is there a workaround for CVE-2014-2490?
There are no known effective workarounds for CVE-2014-2490; the recommended method is to update the software promptly.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2490
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/b.11.23
- version/hpe hp-ux/b.11.31
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update60
- version/oracle jdk 6/1.8.0-update5
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update60
- version/oracle java runtime environment (jre)/1.8.0-update5