It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy.
External References: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2011:1380 https://rhn.redhat.com/errata/RHSA-2011-1380.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1384 https://rhn.redhat.com/errata/RHSA-2011-1384.html
java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:0006 https://rhn.redhat.com/errata/RHSA-2012-0006.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0034 https://rhn.redhat.com/errata/RHSA-2012-0034.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2012:0343 https://rhn.redhat.com/errata/RHSA-2012-0343.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0508 https://rhn.redhat.com/errata/RHSA-2012-0508.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html