You are here

Oracle Critical Patch Update Advisory - April 2015 - Java, Solaris

CVE-2015-0469 CVE-2015-0459 CVE-2015-0491 CVE-2015-0460 CVE-2015-0492 CVE-2015-0458 CVE-2015-0484 CVE-2015-0480 CVE-2015-0486 CVE-2015-0477 CVE-2015-0470 CVE-2015-0488 CVE-2015-0478 CVE-2015-0204 CVE-2015-2578 CVE-2014-3566 CVE-2015-0452 CVE-2015-2577
Oracle CPU, Java, Solaris

The Oracle Critical Patch Update for April 2015 includes updates for several Oracle products including Solaris and Java.

Airlock WAF is not affected.

Most of the Java vulnerabilities affect client deployments only. The remaining vulnerabilities are not relevant for Airlock WAF because the affected components are not used (JSSE: CVE-2015-0488, CVE-2015-0204, JCE: CVE-2015-0478).

Most of the Sun Systems/Solaris vulnerabilities can only be exploited locally, which is not an issue for Airlock WAF because all local users are trusted. The remaining vulnerabilities affect a Solaris version or component not used by Airlock WAF (Kernel IDMap in Solaris 11: CVE-2015-2578, MGMT XML interface: CVE-2014-3566, Ldom Manager: CVE-2015-0452).


It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations or to disable or even un-install Java from clients

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required