Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: Java - JRE, SDK Java Web Start

Re: Java - JRE, SDK Java Web Start

From: Blue Boar <BlueBoar_at_thievco.com>
Date: Tue, 17 Jul 2007 11:56:34 -0700

Even Sun's own installer will not remove previous versions. Even when
the security hole was that you could explicitly request a previous
version at runtime.

No sir, I don't like it.

                                BB

jfvanmeter_at_comcast.net wrote:
> How does everyone feel about java being installed by vendors in a propriety path i.e. program files\mysoftware\bin\jre\1.4.0\ and never patching it.
>
> I ran an enterprise scan to looking for javaws.exe and found it in 175 unique paths. Should they be held accountable for the patching of java when they install it?
>
> I had one vendor who installed java 1.3 and 1.4, and when I ask them about it. There statement was “you don’t have the modules that require those versions you can just delete them”
>
> How does everyone patch Java that is not installed in its default location?
>
Received on Jul 17 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos