A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | java-1.6.0-openjdk | 2015-02-11 19:38 | ALAS-2015-480 |
Amazon Linux 1 | java-1.7.0-openjdk | 2015-01-22 14:18 | ALAS-2015-471 |
Amazon Linux 1 | java-1.8.0-openjdk | 2015-01-22 14:20 | ALAS-2015-472 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.1 | AV:L/AC:M/Au:S/C:P/I:P/A:P |
NVD | CVSSv2 | 4.3 | AV:L/AC:L/Au:S/C:P/I:P/A:P |