Lucene search
John LeitchZDI-14-258HistoryJul 18, 2014 - 12:00 a.m.
Oracle Java ResourceBundle Format String Remote Code Execution Vulnerability
2014-07-1800:00:00
John Leitch
www.zerodayinitiative.com
30
EPSS
0.02
Percentile
89.0%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ResourceBundles. The issue lies in insufficient validation of user-supplied data when applying a ResourceBundle. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
prion
prion
Design/Logic Flaw
2014-07-17 05:10:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:56:47
nvd
nvd
CVE-2014-2490
2014-07-17 05:10:14
ubuntucve
ubuntucve
CVE-2014-2490
2014-07-17 00:00:00
cvelist
cvelist
CVE-2014-2490
2014-07-17 02:36:00
cve
cve
CVE-2014-2490
2014-07-17 05:10:14
openvas
openvas
CentOS Update for java CESA-2014:0907 centos5
2014-07-28 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security and bug fix update
2014-07-21 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-07-31 13:52:00
Critical: java-1.7.0-openjdk
2014-07-23 14:01:00
nessus
nessus
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-387)
2014-10-12 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/srpm/x86_64 (20140721)
2014-07-22 00:00:00
CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:0907)
2014-07-22 00:00:00
centos
centos
java security update
2014-07-21 18:20:14
java security update
2014-07-16 10:46:11
java security update
2014-07-16 10:53:36
redhat
redhat
(RHSA-2014:0907) Important: java-1.6.0-openjdk security and bug fix update
2014-07-21 00:00:00
(RHSA-2014:0889) Critical: java-1.7.0-openjdk security update
2014-07-16 00:00:00
(RHSA-2014:0890) Important: java-1.7.0-openjdk security update
2014-07-16 00:00:00
debian
debian
[SECURITY] [DSA 2980-1] openjdk-6 security update
2014-07-17 15:59:57
[SECURITY] [DSA 2987-1] openjdk-7 security update
2014-07-23 19:51:31
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:25:51
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-08-12 00:00:00
OpenJDK 7 update
2014-09-17 00:00:00
OpenJDK 7 regression
2014-08-26 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
2014-07-26 15:03:50
ibm
ibm
kaspersky
kaspersky
KLA10507 Multiple vulnerabilities in Oracle products
2014-07-17 00:00:00
suse
suse
Security update for openjdk (important)
2014-08-04 19:04:23
osv
osv
openjdk-6 - security update
2014-11-28 00:00:00
java-1_7_0-openjdk-1.7.0.121-1.1 on GA media
2024-06-15 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-02-15 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00