OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)

🗓️ 16 Apr 2014 11:23:49Reported by RedHatType

OpenJDK activation framework cache flaw enabling remote web services attacks on Java Standard Edition 6u71, 7u51, 8 and Java Embedded 7u51.

Reporter	Title	Published	Views	Family All 227
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition	15 Jun 201807:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant April 2014 CPU	15 Jun 201807:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server April 2014 CPU	15 Jun 201807:00	–	ibm
IBM Security Bulletins	Security Bulletin: Potential security vulnerabilities with JavaTM SDKs	22 Sep 202203:02	–	ibm
IBM Security Bulletins	Security Bulletin: InfoSphere Streams is possibly affected by vulnerabilities in the IBM® SDK, Java™ Technology Edition (CVE-2014-0453 and CVE-2014-0460)	16 Jun 201813:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time	15 Jun 201807:00	–	ibm
Tenable Nessus	AIX Java Advisory : java_apr2014_advisory.asc	28 Jul 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-326)	23 Apr 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-327)	23 Apr 201400:00	–	nessus
Tenable Nessus	CentOS 6 : java-1.7.0-openjdk (CESA-2014:0406)	17 Apr 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.7.0-openjdk	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-openjdk	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-1:1.7.0.55-2.4.7.1.el5_10.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.7.0-openjdk-debuginfo	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-openjdk-debuginfo	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-debuginfo-1:1.7.0.55-2.4.7.1.el5_10.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.7.0-openjdk-demo	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-openjdk-demo	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-demo-1:1.7.0.55-2.4.7.1.el5_10.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.7.0-openjdk-devel	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-openjdk-devel	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-devel-1:1.7.0.55-2.4.7.1.el5_10.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.7.0-openjdk-javadoc	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-openjdk-javadoc	1:1.7.0.55-2.4.7.1.el5_10	java-1.7.0-openjdk-javadoc-1:1.7.0.55-2.4.7.1.el5_10.x86_64.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
access	www.access.redhat.com/security/cve/CVE-2014-0458
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-0458
cve	www.cve.org/CVERecord

28 Jun 2026 12:23Current

7.1High risk

Vulners AI Score7.1

CVSS 27.5

EPSS0.04936