It's tens of nanoseconds per byte in JDK6; multiple orders of magnitude slower than C memcmp, because Java implements the compare in Java, not just as a wrapper around C.
It's exploitable "on LAN, but not over the Internet", which is deceptive because "on LAN" also means "anywhere from within the same hosting center"; attackers can get on the "same LAN" as most servers for tens of dollars.
It's exploitable "on LAN, but not over the Internet", which is deceptive because "on LAN" also means "anywhere from within the same hosting center"; attackers can get on the "same LAN" as most servers for tens of dollars.