You are here

Critical Vulnerability Affecting Java SE running in Web Browsers

IDs: 
CVE-2016-0636
Keywords: 
java
Description: 

Oracle warns of a critical Java vulnerability affecting Java SE running in web browsers. An attacker can take over a client if the user visits a malicious web page with Java SE enabled in the web browser [1].

The following supported Java SE versions are affected: 7u97, 8u73, 8u74

Airlock WAF is not affected because the vulnerability affects only Java SE running in web browsers.

Resolution: 

We strongly recommend to update all client installations of Java - or even better un-installing Java from clients where it is not needed.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required