You are here

Oracle Critical Patch Update Advisory - July 2015 - Java, Solaris

CVE-2015-2601, CVE-2015-2613, CVE-2015-4749, CVE-2015-4748, CVE-2015-2659
Oracle CPU, Java, Solaris

The Oracle Critical Patch Update for July 2015 includes updates for several Oracle products including Solaris and Java [1].

Airlock WAF is not affected.

Most of the Java vulnerabilities affect client deployments only. The remaining vulnerabilities are not relevant for Airlock WAF because the affected components are not used (JCE: CVE-2015-2601, CVE-2015-2613, JNDI: CVE-2015-4749, OCSP: CVE-2015-4748).

Most of the Sun Systems/Solaris vulnerabilities can only be exploited locally, which is not an issue for Airlock WAF because all local users are trusted. The remaining vulnerabilities affect Oracle Sun System components that do not lie in the responsibility of Airlock (CVE-2015-0235: ILOM, CVE-2014-3571, CVE-2013-5704, CVE-2014-3570: XCP firmware, CVE-2015-4750: LDOM Manager).


It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations or to disable or even un-install Java from clients,

We further recommend to check whether your Oracle/Sun hardware (ILOM, firmware etc.) is affected by one of the vulnerabilities listed in the Oracle Sun Systems Products Suite Risk Matrix in [1].

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required