|
|||
Rule General Information |
---|
Release Date: | 2020-08-11 | |
Rule Name: | Oracle Java JNDI Sandbox Bypass Vulnerability -1 (CVE-2014-0422) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Windows, Linux, Others | |
Reference: | SecurityFocusBID:64758 SecurityTrackerID:1029608 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html |