Java 1.6.0_24 Released Patches DOS Vulnerability
By Pete Freitag
As mentioned last week, a pretty serious Denial of Service vulnerability in the Java Virtual Machine was disclosed. It is important that you look into resolving this issue if you run any Java-based server-side applications (including ColdFusion).
Yesterday Oracle released Java 1.6.0_24, which fixes the DoS issue. They also issued a patch last week that you can use if you don't want to upgrade your JVM. If you have the JVM set to auto-update on Windows, installing the patch might break the auto-update functionality, so you should instead install the 1.6.0_24 release.
Update: We have added a probe feature, available to paid subscribers of HackMyCF, which will alert you when you need to update your JVM.
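To check a server by hand, the following shell functions classify a Java version string against the 1.6.0_24 release. This is an added example, not code from the original post or from HackMyCF; the function names and exit codes are assumptions made for illustration. It judges only the 1.6.0 family named above, and it looks only at the version string, so it says nothing about whether the separate patch was applied to an older JVM.

```shell
#!/bin/sh
# Added example: compare a Java version string with the fixed 1.6.0_24 release.
# Function names and exit codes are hypothetical, chosen for this sketch.

FIXED_UPDATE=24   # update number of the release named in the post

# Pull the quoted version out of `java -version` banner text read from stdin.
jvm_version_from_banner() {
    sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# jvm_check VERSION
#   returns 0  1.6.0 build at or above update 24
#   returns 1  1.6.0 build older than update 24 (upgrade, or confirm the patch)
#   returns 2  not a 1.6.0 version string; not assessed by this sketch
jvm_check() {
    ver=$1
    case "$ver" in
        1.6.0_*)       upd=${ver#1.6.0_} ;;   # e.g. 1.6.0_23 or 1.6.0_24-b07
        1.6.0|1.6.0-*) upd=0 ;;               # initial release, no update number
        *)             return 2 ;;
    esac
    upd=${upd%%-*}                            # drop a build suffix such as -b07
    case "$upd" in
        ''|*[!0-9]*) return 2 ;;              # malformed update number
    esac
    upd=$(printf '%s' "$upd" | sed 's/^0*//') # 07 -> 7, so it compares as decimal
    [ -n "$upd" ] || upd=0
    [ "$upd" -ge "$FIXED_UPDATE" ] && return 0
    return 1
}

# Print a one-line verdict for a version string.
jvm_report() {
    rc=0
    jvm_check "$1" || rc=$?
    case "$rc" in
        0) echo "$1: at or above 1.6.0_24" ;;
        1) echo "$1: older than 1.6.0_24, upgrade or confirm the patch" ;;
        *) echo "$1: not a 1.6.0 version string, check manually" ;;
    esac
}

# Typical use on a server (java -version writes its banner to stderr):
#   jvm_report "$(java -version 2>&1 | jvm_version_from_banner)"
```

Run the check with the same `java` binary your application server uses, since a server such as ColdFusion may run a different JVM from the one on the system PATH.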
Java 1.6.0_24 Released Patches DOS Vulnerability was first published on February 16, 2011.