VMware Product Updates Address Critical Information Disclosure Issue In JRE
Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE.
VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015.
×
Diary Archives
Comments
if I'm not mistaken the main threat here is active MITM
if you access these via the internet - high severity is probably warranted.
for some of them, they should only be accessible via a trusted management network, in which case - it's a bit meh.
Anonymous
Apr 5th 2015
9 years ago
Errrrr
Anonymous
Apr 6th 2015
9 years ago