Oracle Critical Patch Update Advisory - July 2015 - Java, Solaris

IDs: 
CVE-2015-2601, CVE-2015-2613, CVE-2015-4749, CVE-2015-4748, CVE-2015-2659
Keywords: 
Oracle CPU, Java, Solaris
Description: 

The Oracle Critical Patch Update for July 2015 includes updates for several Oracle products including Solaris and Java [1].

Airlock WAF is not affected.

Most of the Java vulnerabilities affect client deployments only. The remaining vulnerabilities are not relevant for Airlock WAF because the affected components are not used (JCE: CVE-2015-2601, CVE-2015-2613; JNDI: CVE-2015-4749; OCSP: CVE-2015-4748).

Most of the Sun Systems/Solaris vulnerabilities can only be exploited locally, which is not an issue for Airlock WAF because all local users are trusted. The remaining vulnerabilities affect Oracle Sun Systems components that are outside Airlock's responsibility (CVE-2015-0235: ILOM; CVE-2014-3571, CVE-2013-5704, CVE-2014-3570: XCP firmware; CVE-2015-4750: LDOM Manager).

Resolution: 

It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations, or to disable or even uninstall Java on clients.

We further recommend checking whether your Oracle/Sun hardware (ILOM, firmware, etc.) is affected by any of the vulnerabilities listed in the Oracle Sun Systems Products Suite Risk Matrix in [1].

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required