If you are unable to update to Java 7 Update 10, see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis. According to Setting the Security Level of the Java Client:

For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.

The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues:

- A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data.

Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. As with any software, unnecessary features should be disabled or removed as appropriate for your environment. To defend against these vulnerabilities, consider disabling Java in web browsers until adequate updates are available. This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.

Java 7 Update 17 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets. Oracle Security Alert for CVE-2013-1493 states that Java 7 Update 17 (7u17) and Java 6 Update 43 address this vulnerability (CVE-2013-1493) and a different but equally severe vulnerability (CVE-2013-0809).