Java remote code execution vulnerabilities disclosed

ID MYHACK58:62201561281
Type myhack58
Reporter Anonymous
Modified 2015-04-17T00:00:00


Earlier this month, a local file inclusion (LFI) vulnerability was disclosed on the Java website that allowed the mailboxes of more than 460 Oracle employees to be read. Today a further series of Java security vulnerabilities was disclosed: an attacker may be able to execute commands remotely in a victim's Java application without authorization. Enterprises are strongly advised to update their Java Runtime Environments (JREs) and Java Development Kits (JDKs) as soon as possible.

Scope of impact

Versions 5, 6, 7 and 8 of the JRE/JDK are all affected by these security vulnerabilities.

Last update for Java 7

For Java 7, this will be the last update of security patches.

Java 7 was first released in July 2011. Oracle stops public updates of Java 7 in April 2015. This is consistent with the company's Java lifecycle policy: public updates stop three years after the general availability (GA) of a major version, one year after the GA of the next major version, and six months after the next major version is set as the default JRE on Java.com.

In other words, from today on only Java 8 will receive security patch updates. This news may leave a large number of Java users crying themselves faint in the toilet...

Security recommendations

From now on only Java 8 is covered, so what should you do if an earlier version has a problem?

1. Fully upgrade existing Java versions to Java SE 8, then re-test and re-deploy them through their lifecycle.
2. Install RASP, a new technology, in all Java containers.

Oracle's rapid ending of Java version lifecycles has both pros and cons: the pro is that it better promotes language evolution and product innovation; the con is that millions of Java 7 users are left to fend for themselves.