Robert, in a word, No. Refer to this quote here: "An important distinction that needs to be made between in-the-browser Java and the far more common Java runtime environment," says Jo DeMesy, senior analyst for Stach & Liu. "This vulnerability does not affect Web applications with utilize the Java server-side, which is by far the most common use of the Java programming language. The vulnerability lies within the Java runtime exposed to Web clients which load a malicious Java applet. This type of implementation is much less common [in enterprise applications]."
As the article states towards the end, organizations need to begin replacing these applets/plugins (and ActiveX controls, Flash, etc.) with browser-based solutions using HTML5, et.al. I know my company launched into a panic over our servers, both CF and other Java-based ones but as we told them, it's in the browser plug-in, not in our server runtime. However, the concern of Oracle, and to a lesser extent all the JVM implementations out there, is the fact that tech leadership will see "Java Exploit Can't be Closed" and start moving people onto other platforms when the risk is on the client side, not server, Phil On Wed, Jan 16, 2013 at 10:43 AM, Robert Harrison < [email protected]> wrote: > > I'd assume you've all been seeing the recent reports on Java. It's been > officially announced by HomeLand Security that the zero day error and other > problems are too deeply embedded in Java to fix with a patch. Their > official recommendation is to remove Java from all machines. I know Oracle > put out a patch for this, but reports are the patch is considered > insufficient and the problems too close to the core to fix. Information > Week has an article on recommending users scale back on use of Java, remove > it wherever possible, and do no further Java development. For example, see: > > > http://www.darkreading.com/database-security/167901020/security/news/240146361/the-death-of-java-in-the-enterprise.html?cid=nl_DR_daily_2013-01-16_html&elq=4d908631d1b04069869fc003faf4e182 > > Question is: Could this be the death of CF? CF has been tenuous for > several years now, and given that the core system on which CF is built > (Java) is now getting bad press, what do you think this means for the > future of CF? > > > > Robert Harrison > Director of Interactive Services > > Austin & Williams > Advertising I Branding I Digital I Direct > 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 > T 631.231.6600 X 119 F 631.434.7022 > http://www.austin-williams.com > > Blog: http://www.austin-williams.com/blog > Twitter: http://www.twitter.com/austin_ > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353932 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
