Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2014-6601

Published: 21/01/2015 Updated: 13/05/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Enterprise Linux

Vulnerability Summary

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux 7.0

redhat enterprise linux 6.0

canonical ubuntu linux 12.04

novell suse linux enterprise server 12.0

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

novell suse linux enterprise desktop 11.0

redhat enterprise linux 5.0

canonical ubuntu linux 10.04

opensuse opensuse 13.2

oracle jdk 1.8.0

oracle jdk 1.7.0

oracle jdk 1.6.0

oracle jre 1.6.0

oracle jre 1.7.0

oracle jre 1.8.0

Vendor Advisories

Ubuntu Security Notice: openjdk-7 vulnerabilities
Several security issues were fixed in OpenJDK 7 ...
Ubuntu Security Notice: openjdk-6 vulnerabilities
Several security issues were fixed in OpenJDK 6 ...
Red Hat: Critical: java-1.7.0-oracle security update
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic Updated java-170-oracle packages that fix several security issues are nowavailable for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Critical ...
Red Hat: Important: java-1.8.0-openjdk security update
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-180-openjdk packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Important securityimpact Com ...
Red Hat: Important: java-1.7.0-openjdk security update
Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-170-openjdk packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Important securityimpact Com ...
Red Hat: Critical: java-1.8.0-oracle security update
Synopsis Critical: java-180-oracle security update Type/Severity Security Advisory: Critical Topic Updated java-180-oracle packages that fix several security issues are nowavailable for Oracle Java for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Critical securityi ...
Red Hat: Important: java-1.6.0-openjdk security update
Synopsis Important: java-160-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-160-openjdk packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Important securityi ...
Red Hat: Critical: java-1.7.0-openjdk security update
Synopsis Critical: java-170-openjdk security update Type/Severity Security Advisory: Critical Topic Updated java-170-openjdk packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Critical securityimpact ...
Red Hat: Important: java-1.6.0-sun security update
Synopsis Important: java-160-sun security update Type/Severity Security Advisory: Important Topic Updated java-160-sun packages that fix several security issues are nowavailable for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Important se ...
Debian Security Advisories: DSA-3144-1 openjdk-7 -- security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service For the stable distribution (wheezy), these problems have been fixed in version 7u75-254-1~deb7u1 For the upcoming stable distribution (jessie), these p ...
Debian Security Advisories: DSA-3147-1 openjdk-6 -- security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service For the stable distribution (wheezy), these problems have been fixed in version 6b34-1136-1~deb7u1 We recommend that you upgrade your openjdk-6 packages ...
Red Hat: CVE-2014-6601
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions ...
Amazon Linux AMI: ALAS-2015-472
Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions (CVE-2014-6601, CVE-2015-0437) Multiple improper permission check issues ...
Amazon Linux AMI: ALAS-2015-480
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK An untrusted Java appli ...
Amazon Linux AMI: ALAS-2015-471
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK An untrusted Java appli ...

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.securitytracker.com/id/1031580http://www.debian.org/security/2015/dsa-3147http://marc.info/?l=bugtraq&m=142496355704097&w=2http://www.debian.org/security/2015/dsa-3144http://www.ubuntu.com/usn/USN-2487-1http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.htmlhttp://www.ubuntu.com/usn/USN-2486-1http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0080.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0068.htmlhttp://marc.info/?l=bugtraq&m=142607790919348&w=2http://rhn.redhat.com/errata/RHSA-2015-0079.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0085.htmlhttp://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581http://rhn.redhat.com/errata/RHSA-2015-0086.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.htmlhttp://www.vmware.com/security/advisories/VMSA-2015-0003.htmlhttps://security.gentoo.org/glsa/201603-14https://security.gentoo.org/glsa/201507-14http://www.securityfocus.com/bid/72132https://nvd.nist.govhttps://usn.ubuntu.com/2487-1/https://access.redhat.com/security/cve/cve-2014-6601
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook