
SANS ISC: VMware Product Updates Address Critical Information Disclosure Issue In JRE - SANS Internet Storm Center SANS ISC InfoSec Forums


VMware Product Updates Address Critical Information Disclosure Issue In JRE

VMSA-2015-0003

Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE.

VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015.

DidierStevens

372 Posts
ISC Handler
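An added example (not part of the diary or of VMware's or Oracle's material): a small check that classifies `java -version` banners against the two fixed-update levels quoted above. The function names, the result labels and the sample banners are assumptions constructed for illustration; JRE families the diary does not mention are reported as `unknown` rather than guessed.

```python
import re

# Fixed update level per legacy JRE family, as quoted in the diary text above.
FIXED_UPDATE = {(1, 7): 75, (1, 6): 91}

# Legacy version strings look like 1.7.0_71 or 1.6.0_91-b14.
# A missing _NN suffix means the base release (update 0).
_VERSION_RE = re.compile(r'\b(1)\.(\d+)\.\d+(?:_(\d+))?')


def parse_jre_version(banner):
    """Return (major, minor, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(banner):
    """Return 'patched', 'needs-update' or 'unknown' for one banner."""
    parsed = parse_jre_version(banner)
    if parsed is None:
        return "unknown"
    major, minor, update = parsed
    threshold = FIXED_UPDATE.get((major, minor))
    if threshold is None:
        return "unknown"  # family not covered by the levels quoted above
    # Compare numerically: as strings, "9" would sort after "75".
    return "patched" if update >= threshold else "needs-update"


def audit(inventory):
    """Map {name: banner} to a sorted list of names that are not 'patched'."""
    return sorted(n for n, b in inventory.items() if classify(b) != "patched")


# Constructed sample banners (hypothetical appliance names).
SAMPLE_INVENTORY = {
    "appliance-a": 'java version "1.7.0_71"\nJava(TM) SE Runtime Environment (build 1.7.0_71-b14)',
    "appliance-b": 'java version "1.7.0_75"',
    "appliance-c": 'java version "1.6.0_91"',
    "appliance-d": 'java version "1.7.0_9"',
    "appliance-e": 'java version "1.8.0_25"',
}

if __name__ == "__main__":
    for name in sorted(SAMPLE_INVENTORY):
        print(name, classify(SAMPLE_INVENTORY[name]))
```

Note that `java -version` writes its banner to stderr, so capture that stream when collecting the inventory.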
https://www.smacktls.com/#skip is the original issue in question. Plus https://access.redhat.com/security/cve/CVE-2014-6593

If I'm not mistaken, the main threat here is active MITM.
If you access these via the internet, high severity is probably warranted.
For some of them, they should only be accessible via a trusted management network, in which case it's a bit meh.
Mallory Bobalice

28 Posts
> 4 decades ago

Errrrr
Mallory Bobalice

28 Posts
