The first issue is due to three errors related to the use
of "reflection" APIs in the JRE, which could be exploited by attackers to
read and write local files or execute local applications by convincing a
user to visit a specially crafted Web page.
The second vulnerability is due to an error in Java Management Extensions
(JMX) when handling specially crafted applets, which could be exploited by
attackers to read and write local files or execute local applications with
the privileges of the user running the untrusted applet.
The third is due to an unspecified error when handling specially crafted
applets, which could be exploited by attackers to read and write local
files or execute local applications with the privileges of the user
running the untrusted applet.
All of these vulnerabilities apply only to applet containers that execute
malicious code downloaded from server applications. These vulnerabilities
do not apply to most applications running in WebSphere® Application
Server, because the Application Server is trusted code.
To eliminate these vulnerabilities, please ensure you are up to date
with the following: