Seems like it applies to Java, period. So yes, could affect servers. It's another sandboxing bypass. It's just unlikely that you're depending on sandboxing on servers, unless you're running some shared environment with untrusted code from third-parties.
"bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields"
Sandboxing in JVM is broken. Server code does not rely on that (most of the time). Sandboxing is inherently insecure. It usually comes with appropriate warnings (ex: Python) and everybody is expected to understand that it is a half measure at best.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-468...
"bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields"