CVE-2014-6601

Public on 2015-01-21

Modified on 2015-02-11

Description

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.

Severity

Critical

See what this means

CVSS v3 Base Score

6.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	java-1.6.0-openjdk	2015-02-11 19:38	ALAS-2015-480
Amazon Linux 1	java-1.7.0-openjdk	2015-01-22 14:18	ALAS-2015-471
Amazon Linux 1	java-1.8.0-openjdk	2015-01-22 14:20	ALAS-2015-472

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P
NVD	CVSSv2	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C

References

Red Hat: CVE-2014-6601 Mitre: CVE-2014-6601 FAQs regarding Amazon Linux ALAS/CVE Severity