- Vulnerability/
- REDHAT-BUG-1356987
REDHAT-BUG-1356987
First published: Fri Jul 15 2016(Updated: )
It was discovered that the Hotspot component of OpenJDK did not properly restrict access to the invokeBasic() method of the MethodHandle class. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Build of OpenJDK with Hotspot |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-1356987?
The severity of REDHAT-BUG-1356987 is classified as critical due to the potential bypass of Java sandbox restrictions.
How do I fix REDHAT-BUG-1356987?
To fix REDHAT-BUG-1356987, you should upgrade to the latest version of OpenJDK that includes the necessary patches.
Who is affected by REDHAT-BUG-1356987?
Anyone using the OpenJDK Hotspot component is potentially affected by REDHAT-BUG-1356987.
What type of exploit is associated with REDHAT-BUG-1356987?
REDHAT-BUG-1356987 can be exploited by an untrusted Java application or applet to bypass Java sandbox restrictions.
What components are involved in the vulnerability identified by REDHAT-BUG-1356987?
The component involved in REDHAT-BUG-1356987 is the Hotspot component of OpenJDK.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3587
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/microsoft build of openjdk with hotspot