Oracle released its Java Critical Patch Update (CPU) for June 2013 on Tuesday, June 18. Of the 40 security vulnerabilities fixed in this CPU, 37 may be remotely exploitable. The highest CVSS Base Score for vulnerabilities in this CPU is 10.0.
As you may know, Oracle uses CVSS 2.0 (Common Vulnerability Scoring System) to score the reported vulnerabilities. But as you may also know, security researchers disagree with the way Oracle uses CVSS. Oracle plays with the CVSS score by creating a “Partial+” impact rating that doesn’t exist in CVSS 2.0, and by interpreting the “Complete” rating differently from how CVSS 2.0 defines it.
Affected products are:
- JDK and JRE 7 Update 21 and earlier
- JDK and JRE 6 Update 45 and earlier
- JDK and JRE 5.0 Update 45 and earlier
- JavaFX 2.2.21 and earlier
11 of the vulnerabilities have a CVSS base score of 10.0, 20 of the vulnerabilities have a high CVSS base score (CVSS >= 7.0), 18 of the vulnerabilities have a medium CVSS base score (CVSS >= 4.0 and < 7.0) and 2 of the vulnerabilities have a low CVSS base score (CVSS < 4.0). Also, 33 of the vulnerabilities affect Java SE 6 and 38 of the vulnerabilities affect Java SE 7.
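To show how much the choice between a “Partial” and a “Complete” impact rating moves a score, here is an added example (not code from this review or from Oracle) that computes CVSS 2.0 base scores from the specification's equations and weights and buckets them with the thresholds used above. It assumes a “Partial+” rating is weighted like “Partial”; the sample vectors are constructed for illustration and are not taken from the CPU's risk matrix.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS 2.0 specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    # "P+" is not a CVSS 2.0 value. Assumption for this example: it is
    # weighted like "P", because the equations have no other slot for it.
    "C": {"N": 0.0, "P": 0.275, "P+": 0.275, "C": 0.660},
}
WEIGHTS["I"] = WEIGHTS["A"] = WEIGHTS["C"]


def base_score(vector):
    """Return the CVSS 2.0 base score for e.g. AV:N/AC:L/Au:N/C:P/I:P/A:P."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    w = {}
    for name, table in WEIGHTS.items():
        value = metrics.get(name)
        if value not in table:
            raise ValueError(f"bad or missing {name} value: {value!r}")
        w[name] = table[value]
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    if impact == 0:  # f(Impact) = 0 in the specification
        return 0.0
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * 1.176
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), ROUND_HALF_UP))


def severity(score):
    """Bucket a score with the thresholds used in this review."""
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"


# Constructed sample vectors: same exploitability, different impact ratings.
SAMPLES = [
    ("Complete", "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    ("Partial", "AV:N/AC:L/Au:N/C:P/I:P/A:P"),
    ("Partial+ (assumed = Partial)", "AV:N/AC:L/Au:N/C:P+/I:P+/A:P+"),
]

if __name__ == "__main__":
    for label, vec in SAMPLES:
        print(f"{label:30} {vec:32} {base_score(vec):4} {severity(base_score(vec))}")
```

With the same network, low-complexity, unauthenticated exploitability metrics, rating all three impacts “Complete” instead of “Partial” is the difference between 10.0 and 7.5.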