9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AtomicReferenceFieldUpdater in OpenJDK does not properly check if the field to be updated is of primitive type. An untrusted Java application or applet could use flaw to trigger Java virtual machine memory corruption and possibly bypass Java sandbox restrictions.
lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
marc.info/?l=bugtraq&m=140852886808946&w=2
marc.info/?l=bugtraq&m=140852974709252&w=2
rhn.redhat.com/errata/RHSA-2015-0264.html
seclists.org/fulldisclosure/2014/Dec/23
secunia.com/advisories/59404
secunia.com/advisories/59680
secunia.com/advisories/59924
secunia.com/advisories/59985
secunia.com/advisories/59986
secunia.com/advisories/59987
secunia.com/advisories/60081
secunia.com/advisories/60129
secunia.com/advisories/60245
secunia.com/advisories/60317
secunia.com/advisories/60485
secunia.com/advisories/60622
secunia.com/advisories/60812
secunia.com/advisories/60817
secunia.com/advisories/61577
secunia.com/advisories/61640
security.gentoo.org/glsa/glsa-201502-12.xml
www-01.ibm.com/support/docview.wss?uid=swg21680334
www-01.ibm.com/support/docview.wss?uid=swg21686383
www-01.ibm.com/support/docview.wss?uid=swg21686824
www.debian.org/security/2014/dsa-2980
www.debian.org/security/2014/dsa-2987
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.securityfocus.com/archive/1/534161/100/0/threaded
www.securityfocus.com/bid/68599
www.securitytracker.com/id/1030577
www.vmware.com/security/advisories/VMSA-2014-0012.html
access.redhat.com/errata/RHSA-2014:0902
access.redhat.com/errata/RHSA-2014:0908
access.redhat.com/security/updates/classification/#critical
exchange.xforce.ibmcloud.com/vulnerabilities/94595
rhn.redhat.com/errata/RHSA-2014-0889.html