OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)

🗓️ 05 Feb 2015 19:35:28Reported by RedHatType

OpenJDK Libraries have an incorrect ClassLoader getParent() permission check that could let untrusted applets bypass the sandbox.

Reporter	Title	Published	Views	Family All 79
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition	15 Jun 201807:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-0138, CVE-2014-6549, CVE-2015-0408, CVE-2015-0412, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0410, CVE-2015-0407,	17 Jun 201805:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK, and IBM Java Runtime Technology Edition affect Rational Functional Tester	29 Sep 201820:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center January 2015 CPU	19 Aug 202223:26	–	ibm
IBM Security Bulletins	Security Bulletin: Upward Integration Module for HP Openview Operations for Windows is affected by multiple vulnerabilities in IBM Java SDK	31 Jan 201901:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time	15 Jun 201807:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities, including Freak and Bar Mitzvah, in IBM Java SDK affect IBM i.	18 Dec 201914:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)	31 Jan 201902:10	–	ibm
IBM Security Bulletins	Security Bulletin: CICS Transaction Gateway for Multiplatforms	15 Jun 201807:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU	15 Jun 201807:02	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el6_6	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6.i686.rpm
Red Hat Enterprise Linux	6	ppc	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el6_6	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6.ppc.rpm
Red Hat Enterprise Linux	6	ppc64	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el6_6	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6.ppc64.rpm
Red Hat Enterprise Linux	6	s390	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el6_6	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6.s390.rpm
Red Hat Enterprise Linux	6	s390x	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el6_6	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el6_6	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux	7	i686	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el7_0	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0.i686.rpm
Red Hat Enterprise Linux	7	ppc	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el7_0	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0.ppc.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el7_0	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0.ppc64.rpm
Red Hat Enterprise Linux	7	s390	java-1.7.1-ibm	1:1.7.1.2.10-1jpp.3.el7_0	java-1.7.1-ibm-1:1.7.1.2.10-1jpp.3.el7_0.s390.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
access	www.access.redhat.com/security/cve/CVE-2014-6549
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-6549
cve	www.cve.org/CVERecord

13 Jan 2026 22:36Current

6.1Medium risk

Vulners AI Score6.1

CVSS 210

EPSS0.04577