OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)

🗓️ 10 Jun 2014 12:34:29Reported by RedHatType

OpenJDK AWT FlavorMap separation enables remote attacks via AWT; affects Oracle Java SE versions and Java SE Embedded; not CVE-2014-2412.

Reporter	Title	Published	Views	Family All 245
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition	15 Jun 201807:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant April 2014 CPU	15 Jun 201807:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server April 2014 CPU	15 Jun 201807:00	–	ibm
IBM Security Bulletins	Security Bulletin: Potential security vulnerabilities with JavaTM SDKs	22 Sep 202203:02	–	ibm
IBM Security Bulletins	Security Bulletin: InfoSphere Streams is possibly affected by vulnerabilities in the IBM® SDK, Java™ Technology Edition (CVE-2014-0453 and CVE-2014-0460)	16 Jun 201813:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time	15 Jun 201807:00	–	ibm
Tenable Nessus	AIX Java Advisory : java_apr2014_advisory.asc	28 Jul 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-326)	23 Apr 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-327)	23 Apr 201400:00	–	nessus
Tenable Nessus	CentOS 6 : java-1.7.0-openjdk (CESA-2014:0406)	17 Apr 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	ppc64	java-1.6.0-openjdk	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-1:1.6.0.0-6.1.13.3.el7_0.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	java-1.6.0-openjdk	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-1:1.6.0.0-6.1.13.3.el7_0.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.6.0-openjdk	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-1:1.6.0.0-6.1.13.3.el7_0.x86_64.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-6.1.13.3.el7_0.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-6.1.13.3.el7_0.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-6.1.13.3.el7_0.x86_64.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.6.0-openjdk-demo	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.3.el7_0.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	java-1.6.0-openjdk-demo	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.3.el7_0.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.6.0-openjdk-demo	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-demo-1:1.6.0.0-6.1.13.3.el7_0.x86_64.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.6.0-openjdk-devel	1:1.6.0.0-6.1.13.3.el7_0	java-1.6.0-openjdk-devel-1:1.6.0.0-6.1.13.3.el7_0.ppc64.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
access	www.access.redhat.com/security/cve/CVE-2014-0451
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-0451
cve	www.cve.org/CVERecord

28 Jun 2026 12:11Current

7.1High risk

Vulners AI Score7.1

CVSS 27.5

EPSS0.04936