Flash (Alert)
Abstract
This alert informs you of a potential security vulnerability that may affect you if you use IBM Rational Host On-Demand together with the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422.
Content
There is a vulnerability in Oracle Java SE for Java 7 Update 10 and earlier.
Refer to the following Oracle alert for further details:
Oracle Security Alert for CVE-2013-0422
This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on a user's desktop.
The Host On-Demand product does not contain any of these faulty components. However, if you have downloaded a vulnerable Oracle JRE and installed it on your workstation to be active in your browser, your workstation is vulnerable to takeover if you visit a compromised web site.
Note: The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.
Suggested actions include:
- Avoid visiting untrusted web sites while Java is enabled.
- Use IBM JRE 6 SR 12, available on Fix Central:
  - For Windows clients: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Host+On-Demand&release=1.6.0.12&platform=Windows&function=all
  - For Linux clients: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Host+On-Demand&release=1.6.0.12&platform=Linux&function=all
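To find workstations that fall in the affected range stated above, the following added example (not IBM or Oracle code) classifies the banner printed by `java -version`. The sample banners are constructed, the result labels are hypothetical names, and treating any banner that mentions IBM as an IBM JRE is an assumption; builds from other vendors are judged by version number alone.

```python
import re
import subprocess

# Affected range as stated in the alert: Oracle Java 7 Update 10 and earlier.
AFFECTED_MAJOR = 7
LAST_AFFECTED_UPDATE = 10

# Matches the legacy 1.x version string, e.g. "1.7.0_10" or "1.7.0" (GA).
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')

# Constructed sample banners (build strings are placeholders, not real builds).
SAMPLES = {
    "oracle_7u10": 'java version "1.7.0_10"\n'
                   "Java(TM) SE Runtime Environment (build 1.7.0_10-bNN)\n"
                   "Java HotSpot(TM) Client VM (build NN, mixed mode)\n",
    "oracle_7u11": 'java version "1.7.0_11"\n'
                   "Java(TM) SE Runtime Environment (build 1.7.0_11-bNN)\n"
                   "Java HotSpot(TM) Client VM (build NN, mixed mode)\n",
    "ibm_6": 'java version "1.6.0"\n'
             "Java(TM) SE Runtime Environment (build constructed-sr12)\n"
             "IBM J9 VM (build NN, constructed)\n",
}


def classify(banner: str) -> str:
    """Classify a `java -version` banner against the alert's affected range."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"
    if "IBM" in banner:  # the alert states IBM SDK/JRE builds are not vulnerable
        return "ibm-not-affected"
    major, update = int(m.group(1)), int(m.group(2) or 0)  # no "_NN" means GA
    if major == AFFECTED_MAJOR and update <= LAST_AFFECTED_UPDATE:
        return "affected"
    return "outside-stated-range"


def local_banner() -> str:
    """Return the banner of the java on PATH (the JVM writes it to stderr)."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return ""
    return proc.stderr + proc.stdout


if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(name, "->", classify(banner))
    print("local java ->", classify(local_banner()))
```

The check covers the JRE found on PATH, which is not necessarily the one registered as the browser plug-in, so confirm the plug-in version in the browser as well.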