Oracle Java SE JNDI Remote Code Execution Vulnerability (CVE-2014-0422)

  Severity: CRITICAL
  CVE Identifier: 2014-0422
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1005899
  Trend Micro Deep Security DPI Rule Name: 1005899 - Oracle Java SE JNDI Remote Code Execution Vulnerability (CVE-2014-0422)

  AFFECTED SOFTWARE AND VERSION

  • oracle jdk 1.5.0
  • oracle jdk 1.6.0
  • oracle jdk 1.7.0
  • oracle jre 1.5.0
  • oracle jre 1.6.0
  • oracle jre 1.7.0