Java Vulnerability (CVE-2014-4244)

Last update: 4 August 2017

Java Vulnerability (CVE-2014-4244)

Summary

This is an information regarding a security issue in Oracle Java SE (Standard Edition) and Oracle JRockit.

Information

An undisclosed vulnerability has been found in Oracle Java SE (Standard Edition) and Oracle JRockit.

According to the Oracle Critical Patch Update Advisory - July 2014 this vulnerability applies to "...client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service."

For further information, please refer to the References section.

Solution

Oracle Java SE 6 Update 75 and lower

Although the CVE-2014-4244 vulnerability also applies to versions of Java SE 6 Update 75 (6u75) and earlier, the support for Java SE 6 has expired and new versions of Java SE 6 are only available through the Java SE Support program. Therefore, assistance with the upgrade of Java SE 6 can only be provided by your Oracle software vendor.

Oracle Java SE 7 Update 60 and lower

If you are using Java SE 7 Update 60 (7u60) or lower we recommend to update to Java SE 7 Update 65 (7u65), available from Oracle.

The Java binary is used in a wide range of Fabasoft products, including Fabasoft Folio, Fabasoft eGov-Suite and Fabasoft Mindbreeze.

Warning: Upgrading your Java SE version may lead to unexpected behaviour. Please test extensively before issuing the update on a productive system.

Fabasoft Folio / Fabasoft eGov-Suite

For all versions of Fabasoft Folio and Fabasoft eGov-Suite that support Java SE 7, no additional steps need to be taken after upgrading the Java SE version.

Fabasoft Mindbreeze

If you are using a version of Fabasoft Mindbreeze that supports Java SE 7, you need to apply a hotfix in addition to updating to Java SE 7 Update 65.

Note: If you require the aforementioned hotfix for your Fabasoft Mindbreeze installation, please contact Fabasoft Support.

Oracle Java SE 8 Update 5 and lower

Currently no versions of Fabasoft products require Java SE 8 in any affected version.

References

Applies to

  • Fabasoft Folio
  • Fabasoft eGov-Suite
  • Fabasoft Mindbreeze