Vulnerability Development mailing list archives
Re: Java - JRE, SDK Java Web Start
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 17 Jul 2007 11:56:34 -0700

Even Sun's own installer will not remove previous versions. Even when the security hole was that you could explicitly request a previous version at runtime. No sir, I don't like it.

BB

jfvanmeter () comcast net wrote:

How does everyone feel about Java being installed by vendors in a proprietary path, i.e. program files\mysoftware\bin\jre\1.4.0\, and never patching it? I ran an enterprise scan looking for javaws.exe and found it in 175 unique paths. Should they be held accountable for the patching of Java when they install it? I had one vendor who installed Java 1.3 and 1.4, and when I asked them about it, their statement was “you don’t have the modules that require those versions you can just delete them”. How does everyone patch Java that is not installed in its default location?