CVE-2014-4223
First published: Tue Jul 15 2014(Updated: )
It was discovered that the Libraries component did not properly handle method invocations with an exhausted rank. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Java SE 7 | =1.7.0-update60 | |
| Oracle JRE | =1.7.0-update60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60812
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www.debian.org/security/2014/dsa-2987
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68590
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94594
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119602
Frequently Asked Questions
What is the severity of CVE-2014-4223?
CVE-2014-4223 has a moderate severity rating due to its potential to allow untrusted Java applications to bypass security restrictions.
How do I fix CVE-2014-4223?
To fix CVE-2014-4223, update to the latest version of Oracle Java SE or JDK that addresses this vulnerability.
What versions are affected by CVE-2014-4223?
CVE-2014-4223 affects Oracle JDK and JRE version 1.7.0-update60.
Can CVE-2014-4223 be exploited remotely?
Yes, CVE-2014-4223 can potentially be exploited remotely by an attacker using an untrusted Java application.
What are the implications of CVE-2014-4223?
The implications of CVE-2014-4223 include the possibility of unauthorized access and execution of code due to bypassing sandbox restrictions.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4223
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle java se 7
- version/oracle java se 7/1.7.0-update60
- canonical/oracle jre
- version/oracle jre/1.7.0-update60