CVE-2014-4219
First published: Tue Jul 15 2014(Updated: )
It was discovered that the bytecode verification did not properly prevent ctor calls to this() and super() from certain code constructs. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Java SE 7 | =1.6.0-update75 | |
| Oracle Java SE 7 | =1.7.0-update60 | |
| Oracle Java SE 7 | =1.8.0-update5 | |
| Oracle JRE | =1.6.0-update75 | |
| Oracle JRE | =1.7.0-update60 | |
| Oracle JRE | =1.8.0-update5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/59404
- http://secunia.com/advisories/59680
- http://secunia.com/advisories/59924
- http://secunia.com/advisories/59985
- http://secunia.com/advisories/59986
- http://secunia.com/advisories/59987
- http://secunia.com/advisories/60081
- http://secunia.com/advisories/60129
- http://secunia.com/advisories/60245
- http://secunia.com/advisories/60317
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60622
- http://secunia.com/advisories/60812
- http://secunia.com/advisories/60817
- http://secunia.com/advisories/61577
- http://secunia.com/advisories/61640
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21680334
- http://www-01.ibm.com/support/docview.wss?uid=swg21686383
- http://www-01.ibm.com/support/docview.wss?uid=swg21686824
- http://www.debian.org/security/2014/dsa-2980
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68620
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- https://access.redhat.com/errata/RHSA-2014:0908
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94589
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028550.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/6177a94d77fd
- http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/5632578b9520
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/458f18560343
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://rhn.redhat.com/errata/RHSA-2014-0908.html
- https://rhn.redhat.com/errata/RHSA-2014-0907.html
- https://rhn.redhat.com/errata/RHSA-2014-1033.html
- https://rhn.redhat.com/errata/RHSA-2014-1036.html
- https://rhn.redhat.com/errata/RHSA-2014-1042.html
- https://rhn.redhat.com/errata/RHSA-2014-1041.html
- https://rhn.redhat.com/errata/RHSA-2015-0264.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119596
Frequently Asked Questions
What is the severity of CVE-2014-4219?
CVE-2014-4219 has a high severity rating as it allows untrusted Java applications to bypass sandbox restrictions.
How do I fix CVE-2014-4219?
To fix CVE-2014-4219, update to the latest version of Oracle Java SE or apply the relevant security patches provided by Oracle.
Which software is affected by CVE-2014-4219?
CVE-2014-4219 affects multiple versions of Oracle JDK and JRE, specifically versions 1.6.0-update75, 1.7.0-update60, and 1.8.0-update5.
What type of vulnerability is CVE-2014-4219?
CVE-2014-4219 is a code execution vulnerability that arises due to improper bytecode verification in Java.
Can I run untrusted Java applications without risk after patching CVE-2014-4219?
Even after patching CVE-2014-4219, it is advisable to avoid running untrusted Java applications to minimize security risks.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4219
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle java se 7
- version/oracle java se 7/1.6.0-update75
- version/oracle java se 7/1.7.0-update60
- version/oracle java se 7/1.8.0-update5
- canonical/oracle jre
- version/oracle jre/1.6.0-update75
- version/oracle jre/1.7.0-update60
- version/oracle jre/1.8.0-update5