Oracle Java JNDI Sandbox Bypass (CVE-2014-0422)
A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to the insecure getContextClassLoader method in the JNDI component. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...