Security Alert (A16-03-09): Vulnerability in Oracle Java


 

Published on: 24 March 2016

  
  

Description:

Oracle has published a security advisory to address a security vulnerability found in Java SE sub-component Hotspot that could be exploited without authentication. An attacker could entice a user to open a specially crafted web page to exploit the vulnerability.


Reports indicate that technical details of the vulnerability are publicly disclosed.


Affected Systems:

Oracle Java SE

  • JDK and JRE 7 Update 97, JDK and JRE 8 Update 73 and 34

Impact:

A successful attack could impact the availability, integrity, and confidentiality of a vulnerable system.


Recommendation:

Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Java Platform SE 8 (JDK and JRE 8 Update 77)
    http://www.oracle.com/technetwork/java/javase/downloads/index.html

Java SE 6 and 7 have reached their End-Of-Life (EOL) already. Users should consider upgrading to the latest Java SE versions or contact their product support vendors for extended support in Java SE 6 and 7 with charged service.

More Information:

http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0636



Tag: Oracle , Java
Tags