You are here

Oracle Critical Patch Update Advisory - January 2015 - Java, Solaris

IDs: 
CVE-2014-6593, CVE-2014-3566, CVE-2015-0410, CVE-2015-0383, CVE-2014-6481, CVE-2003-0001, CVE-2004-0230, CVE-2015-0375, CVE-2014-6575
Keywords: 
Oracle CPU, Java, Solaris
Description: 

The Oracle Critical Patch Update for January 2015 includes updates for several Oracle products including Solaris and Java.

Airlock WAF is not affected.

Most of the Java vulnerabilities affect client deployments only. The remaining vulnerabilities are not relevant for Airlock because they can only be exploited locally (CVE-2015-0383) or the affected components are not used by Airlock (CVE-2015-0410, CVE-2014-3566, CVE-2014-6593).

Most of the Sun Systems/Solaris vulnerabilities can only be exploited locally, which is not an issue for Airlock because all local users are trusted. 10 vulnerabilities affect hardware or firmware, rather than the the Airlock WAF itself. The remaining vulnerabilities affect the TCP/IP stack and network drivers. These vulnerabilities are not critical for Airlock WAF.

Resolution: 

It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations or to disable or even un-install Java from clients

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required