You are here

Home › Oracle Critical Patch Update Advisory - April 2015 - Java, Solaris

Oracle Critical Patch Update Advisory - April 2015 - Java, Solaris

Submitted on 15. April 2015 - 16:17 by rischi.
Last update on 19. January 2017 - 14:38.
IDs: 
CVE-2015-0469 CVE-2015-0459 CVE-2015-0491 CVE-2015-0460 CVE-2015-0492 CVE-2015-0458 CVE-2015-0484 CVE-2015-0480 CVE-2015-0486 CVE-2015-0477 CVE-2015-0470 CVE-2015-0488 CVE-2015-0478 CVE-2015-0204 CVE-2015-2578 CVE-2014-3566 CVE-2015-0452 CVE-2015-2577
Keywords: 
Oracle CPU, Java, Solaris
Description: 

The Oracle Critical Patch Update for April 2015 includes updates for several Oracle products including Solaris and Java.

Airlock WAF is not affected.

Most of the Java vulnerabilities affect client deployments only. The remaining vulnerabilities are not relevant for Airlock WAF because the affected components are not used (JSSE: CVE-2015-0488, CVE-2015-0204, JCE: CVE-2015-0478).

Most of the Sun Systems/Solaris vulnerabilities can only be exploited locally, which is not an issue for Airlock WAF because all local users are trusted. The remaining vulnerabilities affect a Solaris version or component not used by Airlock WAF (Kernel IDMap in Solaris 11: CVE-2015-2578, MGMT XML interface: CVE-2014-3566, Ldom Manager: CVE-2015-0452).

Resolution: 

It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations or to disable or even un-install Java from clients

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
Oracle Critical Patch Update Advisory - April 2015
© Ergon Informatik AG