A critical Java class library security vulnerability was blogged on the Internet and is now in the public domain. This can be used as a denial of service attack against app servers. This vulnerability affects all versions and releases of Java (1.4.2, 5.0 and 6.0) on all platforms. Web servers and web services are particularly at risk.
To remediate this vulnerability, you will need to perform two distinct actions. You will need to update the Java Runtime Environment (JRE). The Java Runtime Environment provides the libraries, the Java Virtual Machine, and other components to run applets and applications.
You also need to update your application server's Java Developer Kit (JDK). The JDK lets you develop and deploy Java applications on desktops and servers.
We are currently in the process of compiling the list of fixes for JRE and JDK used in the affected product. This data is expected to be available shortly.
Please do not open a PMR or contact Product Support at this time for this issue. This document will be updated immediately once we can provide product specific details.