<p>April 23, 2013 IDG News Service Java vulnerability hunters from Polish security research firm Security Explorations claim to have found a new vulnerability that affects the latest desktop and server versions of the Java Runtime Environment (JRE).</p><p>The vulnerability is located in Java's Reflection API component and can be used to completely bypass the Java security sandbox and execute arbitrary code on computers, Adam Gowdiak, the CEO of Security Explorations, said Monday in an email sent to the Full Disclosure mailing list. The flaw affects all versions of Java 7, including Java 7 Update 21 that was released by Oracle last Tuesday and the new Server JRE package released at the same time, he said.</p><p>As the name suggests, the Server JRE is a version of the Java Runtime Environment designed for Java server deployments. According to Oracle, the Server JRE doesn't contain the Java browser plug-in, a frequent target for Web-based exploits, the auto-update component or the installer found in the regular JRE package.</p><p>Although Oracle is aware that Java vulnerabilities can also be exploited on server deployments by supplying malicious input to APIs (application programming interfaces) in vulnerable components, its message has generally been that the majority of Java vulnerabilities only affect the Java browser plug-in or that the exploitation scenarios for Java flaws on servers are improbable, Gowdiak said Tuesday via email.</p><p><a href="http://www.csoonline.com/article/732285/serious-flaw-present-in-latest-java-runtime-environment-for-desktops-and-servers-researchers-say">Keep reading...</a></p><p>Read also:</p><p><a href="http://nakedsecurity.sophos.com/2013/04/23/unpatched-security-hole-java/">Yet another unpatched security hole found in Java</a> (Naked Security)</p><p><a href="http://www.darkreading.com/vulnerability/javas-security-renaissance-begins/240153478">Java&#039;s Security Renaissance Begins</a> (Dark Reading)</p><p><a href="http://www.informationweek.com/security/vulnerabilities/oracle-bug-hunter-spots-java-7-server-fl/240153337">Oracle Bug Hunter Spots Java 7 Server Flaw</a> (InformationWeek)</p><p>Explore: <a href="http://news.google.com/news/more?ncl=dV4y10HDfjKQepM2BD8-8HY-Wsc2M&ned=us">13 additional articles.</a></p>