WebLogic 10.3.2 and Security Alert CVE-2010-4476

Comments
-
Refer to the following document id in My Oracle Support for detailed information on Security Alert CVE-2010-4476
"Security Alert CVE-2010-4476 Patch Availability Document (Doc ID 1291950.1)"
PeopleSoft as such is not concerned, but as we use Java in 2 parts, you have to make sure that:
- the JRE under PS_HOME is updated
- the JDK used by the webservers is updatedDepending on your OS, it will be provided by Sun(Oracle) or by your OS vendor.
See: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.htmlWhat you have to do:
- make sure your JRE and JRockIt are version required by doc http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
- download JRockIt here: http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html and JRE: http://www.oracle.com/technetwork/java/javase/downloads/index.html
(for 8.48, you will have to get a 'Previous Release', JRE 1.4.2 - for 8.50, current 1.6.0)Then, get the fpupdater from http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
Unzip and copy it in:
- PS_HOME\jre\bin
- BEA_HOME\JRockit_you just_installed\jre\binExecute the file as explained in http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
0