Oracle Java SE Remote Vulnerabilities (CVE-2014-0429)

Release date:
Updated on:

Affected Systems:
Oracle Java SE JRockit R28.3.1
Oracle Java SE JRockit R27.8.1
Oracle Java SE Embedded 7u51
Oracle Java SE 8
Oracle Java SE 7u51
Oracle Java SE 6u71
Oracle Java SE 5.0u61
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66856
CVE (CAN) ID: CVE-2014-0429
 
Java SE is short for Java platform standard edition based on JDK and JRE. It is used to develop and deploy Java applications on the desktop, server, and embedded devices and real-time environments.
 
Oracle Java SE has a remote security vulnerability in the implementation of Java SE, JRockit, and Java SE Embedded components. This vulnerability can be exploited through multiple protocols, unauthenticated remote attackers can exploit this vulnerability to affect the confidentiality, integrity, and availability of affected components. Versions affected by this vulnerability include Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8, JRockit R27.8.1, JRockit R28.3.1, and Java SE Embedded 7u51.
 
<* Source: Oracle

Link: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Oracle
------
Oracle has released a Security Bulletin (cpuapr2014-1972952) and patches for this:
Cpuapr2014-1972952: Oracle Critical Patch Update Advisory-specification l 2014
Link: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
 
Patch download:
Https://support.oracle.com/rs? Type = doc & id = 1636775.1