Oracle Java SE Remote Vulnerabilities (CVE-2014-2428)

Release date:
Updated on:

Affected Systems:
Oracle Java SE Embedded 7u51
Oracle Java SE 8
Oracle Java SE 7u51
Oracle Java SE 6u71
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66870
CVE (CAN) ID: CVE-2014-2428
 
Java SE is short for Java platform standard edition based on JDK and JRE. It is used to develop and deploy Java applications on the desktop, server, and embedded devices and real-time environments.
 
Oracle Java SE has a remote security vulnerability in the implementation of Java SE and Java SE Embedded components. This vulnerability can be exploited through multiple protocols, unauthenticated remote attackers can exploit this vulnerability to affect the confidentiality, integrity, and availability of affected components. Versions affected by this vulnerability include: Java SE 6u71, Java SE 7u51, Java SE 8, and Java SE Embedded 7u51.
 
<* Source: Oracle

Link: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Oracle
------
Oracle has released a Security Bulletin (cpuapr2014-1972952) and patches for this:
Cpuapr2014-1972952: Oracle Critical Patch Update Advisory-specification l 2014
Link: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
 
Patch download:
Https://support.oracle.com/rs? Type = doc & id = 1636775.1