http://adtmag.com/articles/2014/10/21/java-security-patches.aspx
By John K. Waters
adtmag.com
10/21/2014
Oracle's recently released quarterly Critical Patch Update (CPU) contained
155 new security vulnerability fixes across Oracle's product lines,
including 25 for new Java SE vulnerabilities and 9 affecting the Java
Virtual Machine (JVM) in the Oracle Database.
The list of Java vulnerabilities addressed with this CPU includes 20 that
affect client-only deployments of Java SE, two of which are
browser-specific; four that affect client and server deployments of Java
SE; and one that affects client and server deployments of the Java Secure
Socket Extension (JSSE). Oracle says 22 of the fixes address
vulnerabilities that may be remotely exploitable without authentication,
meaning an attacker would not need a user name or password to exploit them
over a network.
Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an
open and standardized rating of the security holes it finds in its
products. One of the Java SE vulnerabilities (CVE-2014-6513) received the
highest CVSS Base Score of 10. Ten others were ranked a 9 or higher,
meaning they could allow a complete compromise of the targeted client,
though the access complexity to exploit these vulnerabilities is
considered "medium."
[...]