VMware Product Updates Address Critical Information Disclosure Issue In JRE


Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE.

VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015.


678 Posts
ISC Handler
Apr 4th 2015
https://www.smacktls.com/#skip the original issue in question. plus https://access.redhat.com/security/cve/CVE-2014-6593

if I'm not mistaken the main threat here is active MITM
if you access these via the internet - high severity is probably warranted.
for some of them, they should only be accessible via a trusted management network, in which case - it's a bit meh.
Mallory Bobalice

28 Posts
> 4 decades ago

Mallory Bobalice

28 Posts

Sign Up for Free or Log In to start participating in the conversation!