There's a tool on the Oracle site to help users fix the hole, a link to which can be found in the article.Abstract
Java API Documentation contains a frame injection vulnerability.
Content
VULNERABILITY DETAILS:
CVEID: CVE-2013-1571
DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the documentation, which injects arbitrary content into the mainframe. The injected content appears to originate from the site hosting the documentation, but in fact it is hosted elsewhere, and may contain malicious links or content. This type of attack is known as "clickjacking".
The attack does not require authentication and may be exploited remotely if the html page is network available, but some degree of specialized knowledge and techniques are required. An exploit would not impact the confidentiality of information or the availability of the system, but data integrity could be compromised.
(A security hole related to Java? Well, there's a first. Still, I suppose that Iboglix could also do to the Java API documentation what they did with the .Net API documentation; just forget to include it in the install package, say that they'll put it up for download later and then, to the best of my knowledge, continue not to do so.)