Vulnerability Development mailing list archives

Re: Java - JRE, SDK Java Web Start

From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 17 Jul 2007 11:56:34 -0700

Even Sun's own installer will not remove previous versions. Even when
the security hole was that you could explicitly request a previous
version at runtime.

No sir, I don't like it.

                                BB

jfvanmeter () comcast net wrote:

How does everyone feel about java being installed by vendors in a propriety path i.e. program 
files\mysoftware\bin\jre\1.4.0\ and never patching it. 

I ran an enterprise scan to looking for javaws.exe and found it in 175 unique paths. Should they be held accountable 
for the patching of java when they install it?

I had one vendor who installed java 1.3 and 1.4, and when I ask them about it. There statement was “you don’t have 
the modules that require those versions you can just delete them”

How does everyone patch Java that is not installed in its default location?

Current thread:

Java - JRE, SDK Java Web Start jfvanmeter (Jul 17)
- Re: Java - JRE, SDK Java Web Start Kish Pent (Jul 17)
- Re: Java - JRE, SDK Java Web Start Blue Boar (Jul 17)
- Re: Java - JRE, SDK Java Web Start 3APA3A (Jul 18)
- <Possible follow-ups>
- Re: Java - JRE, SDK Java Web Start jfvanmeter (Jul 18)