Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
https://blogs.oracle.com/security/entry/february_2013_critical_patch_update states:
3 of the vulnerabilities fixed in this Critical Patch Update apply to client and server deployment of Java; that means that these vulnerabilities can be exploited on desktops through Java Web Start and Java applets in Browser, or in servers, by supplying malicious input to APIs in the vulnerable server components. In some instances, the exploitation scenario of this kind of bugs on servers is very improbable; for example, one of these vulnerabilities can only be exploited against a server in the unlikely scenario that the server was allowed to process image files from an untrusted source.
Now we know we are doing improbable things every day.
The patch is already out - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html but will be updated on 19th Feb.
Issue Links
- relates to
  - CONFCLOUD-28051 Update to the latest patchlevel of bundled JRE - server-side security vulnerability exist. (Closed)
  - HPT-2598