CVE-2014-4218
First published: Tue Jul 15 2014(Updated: )
It was discovered that the Libraries component did not properly clone the interface array before passing it to proxy methods. An untrusted Java application or applet could possibly use this flaw to bypass intended security restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK 6 | =1.5.0-update65 | |
| Oracle JDK 6 | =1.6.0-update75 | |
| Oracle JDK 6 | =1.7.0-update60 | |
| Oracle JDK 6 | =1.8.0-update5 | |
| Oracle Java Runtime Environment (JRE) | =1.5.0-update65 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update75 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update60 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/59404
- http://secunia.com/advisories/59680
- http://secunia.com/advisories/59924
- http://secunia.com/advisories/59985
- http://secunia.com/advisories/59986
- http://secunia.com/advisories/59987
- http://secunia.com/advisories/60081
- http://secunia.com/advisories/60129
- http://secunia.com/advisories/60245
- http://secunia.com/advisories/60317
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60622
- http://secunia.com/advisories/60812
- http://secunia.com/advisories/60817
- http://secunia.com/advisories/61577
- http://secunia.com/advisories/61640
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21680334
- http://www-01.ibm.com/support/docview.wss?uid=swg21686383
- http://www-01.ibm.com/support/docview.wss?uid=swg21686824
- http://www.debian.org/security/2014/dsa-2980
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68583
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- https://access.redhat.com/errata/RHSA-2014:0908
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94599
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028550.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/3e67a6bf5683
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/81353e2baf81
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://rhn.redhat.com/errata/RHSA-2014-0908.html
- https://rhn.redhat.com/errata/RHSA-2014-0907.html
- https://rhn.redhat.com/errata/RHSA-2014-1033.html
- https://rhn.redhat.com/errata/RHSA-2014-1036.html
- https://rhn.redhat.com/errata/RHSA-2014-1042.html
- https://rhn.redhat.com/errata/RHSA-2014-1041.html
- https://rhn.redhat.com/errata/RHSA-2015-0264.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119611
Frequently Asked Questions
What is the severity of CVE-2014-4218?
CVE-2014-4218 has been classified as a critical vulnerability due to its potential to allow unauthorized access to sensitive data.
How do I fix CVE-2014-4218?
To fix CVE-2014-4218, it is recommended to update to the latest version of Oracle JDK or JRE that addresses this vulnerability.
What versions of Oracle software are affected by CVE-2014-4218?
CVE-2014-4218 affects Oracle JDK and JRE versions 1.5.0-update65, 1.6.0-update75, 1.7.0-update60, and 1.8.0-update5.
What kind of attacks can exploit CVE-2014-4218?
CVE-2014-4218 can be exploited by untrusted Java applications or applets to bypass security restrictions.
Is CVE-2014-4218 related to Java security?
Yes, CVE-2014-4218 is specifically related to Java security, as it involves improper handling of interface arrays leading to potential security breaches.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4218
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.5.0-update65
- version/oracle jdk 6/1.6.0-update75
- version/oracle jdk 6/1.7.0-update60
- version/oracle jdk 6/1.8.0-update5
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.5.0-update65
- version/oracle java runtime environment (jre)/1.6.0-update75
- version/oracle java runtime environment (jre)/1.7.0-update60
- version/oracle java runtime environment (jre)/1.8.0-update5