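Oracle has released its quarterly security patch update, fixing 128 security vulnerabilities in total. Of these, 42 are Java SE vulnerabilities, 19 of which are high-risk and 39 of which relate to the Java Web Start plugin. Java is used mainly on the server side, and websites that require the client to run Java applets are uncommon. Oracle recommends that enterprises and institutions apply the security updates as quickly as possible. Over the past few months, internet companies have repeatedly reported computers being compromised by attackers through Java zero-day vulnerabilities (mainly in the plugin). Security experts worry that, given the rate at which new Java vulnerabilities are being discovered, Java will remain easily attacked software for a long time.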
Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with a CVSS base score of 10 (the highest you can go) and 39 related to the Java Web Start plugin that can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. "The first step is for an organization to understand precisely where and why Java is needed," Williamson wrote. "Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable." Organizations should take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible.