Tables listing the exact number of vulnerabilities patched in each product, their severity score and the product versions they affect are included in Oracle's CPU advisory for October.
In addition to Java 7 Update 45, Oracle also released Java 6 Update 65 and Java 5 Update 55 that address the vulnerabilities that also apply to those older versions. However, Oracle discontinued public support for both Java 5 and 6, so these new security updates are only available to customers with extended support contracts.
"In order to address efficiently such a large patch release with over 120 vulnerabilities, we recommend working in the following sequence: Java first, as it is the most attacked software in this release, then vulnerabilities on services that are exposed to the Internet, such as Weblogic, HTTP and others," Wolfgang Kandek, CTO of vulnerability management firm Qualys, said Tuesday in a blog post. "Hopefully your databases are not directly exposed to the Internet, which should give you more time to bring them to the latest patch levels."