Oracle has released a patch which attempted to patch this vulnerability. Subsequent testing has revealed that the actual source of the problem lies
within the underlying java class files. The April patch fails to properly load
the newer patched classes which means that these problems can still be
exploited on some versions. Oracle 10g systems with patchset 2 and the April patch have been tested and appear to mitigate the issue.