Lucene search

Veracode Vulnerability DatabaseVERACODE:14096

HistoryMay 02, 2019 - 4:44 a.m.

Sandbox Restrictions Bypass

2019-05-0204:44:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

OpenJDK 7 Java Runtime Environment and OpenJDK 7 Software Development Kit are vulnerable to sandbox restrictions bypass. The attack is due to the flaws in the font layout engine in the 2D component, allowing an attacker to trigger Java Virtual Machine memory corruption.

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.4.1.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdkeq1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdkeq1.7.0.3__2.1.el6.7
java-1.7.0-openjdkeq1.7.0.9__2.3.8.0.el6_4
java-1.7.0-openjdkeq1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el5_9
java-1.7.0-openjdkeq1.7.0.9__2.3.7.1.el6_3

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdk	eq	1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdk	eq	1.7.0.3__2.1.el6.7
java-1.7.0-openjdk	eq	1.7.0.9__2.3.8.0.el6_4
java-1.7.0-openjdk	eq	1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el5_9
java-1.7.0-openjdk	eq	1.7.0.9__2.3.7.1.el6_3

Rows per page:

1-10 of 1181

References

blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

bugs.icu-project.org/trac/ticket/10107

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS

lists.apple.com/archives/security-announce/2013/Apr/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html

lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

marc.info/?l=bugtraq&m=137283787217316&w=2

rhn.redhat.com/errata/RHSA-2013-0752.html

rhn.redhat.com/errata/RHSA-2013-0757.html

rhn.redhat.com/errata/RHSA-2013-0758.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

site.icu-project.org/download/51#TOC-Known-Issues

www.mandriva.com/security/advisories?name=MDVSA-2013:145

www.mandriva.com/security/advisories?name=MDVSA-2013:161

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

www.securityfocus.com/bid/59131

www.ubuntu.com/usn/USN-1806-1

www.us-cert.gov/ncas/alerts/TA13-107A

access.redhat.com/security/updates/classification/#critical

bugzilla.redhat.com/show_bug.cgi?id=952656

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526

rhn.redhat.com/errata/RHSA-2013-0751.html

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:14096