|Skip Navigation Links|
|Exit Print View|
| Sun Storage Common Array Manager
Software Release Notes, Release 6.9.0 Update
This section addresses security vulnerability CVE-2012-4681 as it applies to the Oracle Java SE 6 Update 20 that is installed as part of Sun Storage Common Array Manager Software 6.9 (CAM 6.9). As reported in the Oracle Security Alert for CVE-2012-4681 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html, this vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets.
CAM 6.9 installs Java SE 6 Update 20 in a private CAM directory to run configuration and monitoring functions, and to provide BUI and CLI user interfaces. These functions are implemented as Java SE applications, not applets, so the applet security vulnerability described by CVE-2012-4681 does not affect the parts of Java SE that CAM uses. This version of Java SE is used only by CAM. It is distinct from the Java SE installed in default locations on the server for use by other applications.
The user is responsible for installing an updated Java SE for use by other applications, such as web browsers, running on the CAM management host. Details are specified in the Oracle Security Alert mentioned above. A user can verify that their browser is running an updated Java SE by checking the java deployment property file as described in the Java Plug-in and Applet Architecture (http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/applet/applet_execution.html ).