Forum Thread: Cat. 4 Threat

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Oracle Corporation
And, this specific program:
Oracle Java JRE 1.6.x / 6.x

This thread has been marked as locked.
JDHamilton Cat. 4 Threat
Member 26th Nov, 2008 16:51
Ranking: 0
Posts: 3
User Since: 26th Nov, 2008
System Score: N/A
Location: N/A
PSI is showing three entries as Cat. 4 threat. Clicking on solution button doesn't seem to do anything.

Digerati RE: Cat. 4 Threat
Member 26th Nov, 2008 17:24
Score: 30
Posts: 11
User Since: 26th Nov 2008
System Score: N/A
Location: US
Interesting you got these just today - which ones? I ask because I too got 3 errors - two Cat4. The two Cat-4 both SunJava JRE 1.6.x/6.x.
Was this reply relevant?
+0
-0
frednico RE: Cat. 4 Threat
Member 26th Nov, 2008 17:34
Score: 0
Posts: 1
User Since: 26th Nov 2008
System Score: N/A
Location: N/A
I have the same problem. I went to my add and remove program and I have the 1.6.0.30 update. I only have two of the JRE 1.6.x/6.x entries on my secunia scan.
Maybe I should just remove the sun program altogether.
Was this reply relevant?
+0
-0
JDHamilton RE: Cat. 4 Threat
Member 26th Nov, 2008 17:59
Score: 0
Posts: 3
User Since: 26th Nov 2008
System Score: N/A
Location: N/A
The file is java.exe and it has three occurrences in three different locations. Two are in the Java directory anf the third is in windows sys32 directory.
Was this reply relevant?
+0
-0
sunshinejody RE: Cat. 4 Threat
Member 28th Nov, 2008 04:33
Score: 0
Posts: 1
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
I am sorry but I don't understand your reply about the System 32 ."exe" part. What am I supposed to do? I, like the others, have the same errors and the solutions do not work.
Thank you for any help.
Joanne
Sunshinejody
Was this reply relevant?
+0
-0
BigDave_39 RE: Cat. 4 Threat
Member 28th Nov, 2008 08:05
Score: 0
Posts: 177
User Since: 26th Nov 2008
System Score: N/A
Location: Washington, DC, US
Try to copy and paste the paths to where the PSI detected your installations of Sun Java - it may help to understand why it is being detected

--
Big Dave
Was this reply relevant?
+0
-0
OldPaul100 RE: Cat. 4 Threat
Member 28th Nov, 2008 14:21
Score: 0
Posts: 2
User Since: 24th Jun 2009
System Score: N/A
Location: N/A
I'm new Secunia after its recommendation in Windows Secrets Newsletter.
I'm running Vista Home Premium with Mozilla Firefox. I've had the same problem. Java says I have the right Version of Java to use with Firefox (jre1.6.0.10.7) but when its runs the test Applet it says it is 1.6.0_01 which is the version of the Folder. I've checked the update log which says it was sucessfully updated to jre1.6.0_01. It doesn't seem from Widows Explorer that many files were updated when I did the Re-install except the executable in Windows\System32\jre.exe which is now to today's date and time.
Like Others in this thread it also seems that the Secunia update buttons will not work for Java. Very odd.
I've some other gripes about the way Secunia seems to work but bthat is for another thread
Was this reply relevant?
+0
-0
towner RE: Cat. 4 Threat
Member 28th Nov, 2008 16:06
Score: 0
Posts: 4
User Since: 8th Oct 2008
System Score: N/A
Location: N/A
I get the same indications as well.
I would like to know why the "Download Solution or Solution Wizard" fix are not enabled?
Also, it would be very helpful if one could copy and paste info off the results pages, to bring here for edification~
Was this reply relevant?
+0
-0
BigDave_39 RE: Cat. 4 Threat
Member 28th Nov, 2008 16:47
Score: 0
Posts: 177
User Since: 26th Nov 2008
System Score: N/A
Location: Washington, DC, US
Last edited on 28th Nov, 2008 16:48
on 28th Nov, 2008 16:06, towner wrote:
I would like to know why the "Download Solution or Solution Wizard" fix are not enabled?


It was the same on mine.. Does your program entry say "requires uninstall"? Maybe that is a hint, you need to uninstall the old copy.


on 28th Nov, 2008 16:06, towner wrote:

Also, it would be very helpful if one could copy and paste info off the results pages, to bring here for edification~


I have no problem copy and pasting from the psi... Are you using CTRL+C?

--
Big Dave
Was this reply relevant?
+0
-0
This user no longer exists RE: Cat. 4 Threat
Member 29th Nov, 2008 10:23
Sun Java is notorious for leaving vulnerable old versions of itself installed so go to Add/Remove Programs and un-install all versions of Sun Java then reboot.

Download JavaRa then run it and have it remove remnants of Sun Java:
http://raproducts.org

Install the latest Sun Java Version 6 Update 10:
http://www.java.com/en/download
Was this reply relevant?
+0
-0
JDHamilton RE: Cat. 4 Threat
Member 29th Nov, 2008 17:23
Score: 0
Posts: 3
User Since: 26th Nov 2008
System Score: N/A
Location: N/A
Thanks for the help!
Was this reply relevant?
+0
-0
vaisforlovers2003 RE: Cat. 4 Threat
Member 30th Nov, 2008 06:03
Score: 0
Posts: 1
User Since: 30th Nov 2008
System Score: N/A
Location: N/A
thank you for the info
Joanne
Was this reply relevant?
+0
-0
paul100 RE: Cat. 4 Threat
Member 30th Nov, 2008 14:07
Score: 0
Posts: 2
User Since: 28th Nov 2008
System Score: N/A
Location: N/A
Last edited on 30th Nov, 2008 14:09
From Paul100,
Thanks for info, will try it later.
Just a funny I don't seem to have my user name attached to my posting. I can't find any way to get at the format info. What's needed?

Just tried it and now it's working, funny.
Was this reply relevant?
+0
-0
towner RE: Cat. 4 Threat
Member 2nd Dec, 2008 17:30
Score: 0
Posts: 4
User Since: 8th Oct 2008
System Score: N/A
Location: N/A
Last edited on 2nd Dec, 2008 17:33
on 28th Nov, 2008 16:47, BigDave_39 wrote:
It was the same on mine.. Does your program entry say "requires uninstall"? Maybe that is a hint, you need to uninstall the old copy.
No, it's didn't say that. I will look everything over closer.
Again, thanks

on 28th Nov, 2008 16:47, BigDave_39 wrote:

I have no problem copy and pasting from the psi... Are you using CTRL+C?

No, But I will try that the next time..thanks.
Was this reply relevant?
+0
-0
brownimfc RE: Cat. 4 Threat
Member 10th Dec, 2008 10:45
Score: 0
Posts: 3
User Since: 25th Apr 2008
System Score: N/A
Location: Rochdale, UK
on 29th Nov, 2008 10:23, wrote:
Install the latest Sun Java Version 6 Update 10:
http://www.java.com/en/download[/quote]

Unfortunately, that version of Java breaks a lot of plugins for FF.

http://forums.java.net/jive/thread.jspa?messageID=...
Was this reply relevant?
+0
-0
mapych RE: Cat. 4 Threat
Member 10th Dec, 2008 12:07
Score: 0
Posts: 47
User Since: 27th Nov 2008
System Score: N/A
Location: CH
Last edited on 10th Dec, 2008 12:08
Today, after the PSI weekly scan, PSI warned me that my Java6 Update 10 had to be updated.

The default delay of one month of the built in java autoupdate seems to be a little bit too long, so I've set it now to each week too.

So I just installed Java6 Update 11 using the built in java autoupdate,
and it is the first time ever that the older java version has been automatically deinstalled !

Was this reply relevant?
+0
-0
brownimfc RE: Cat. 4 Threat
Member 10th Dec, 2008 12:25
Score: 0
Posts: 3
User Since: 25th Apr 2008
System Score: N/A
Location: Rochdale, UK
Just installed update 11 and it also breaks a major plugin that I use. The creator of the plugin has been informed.

Fortunately, the install left update 7 on my PC which works.
Was this reply relevant?
+0
-0
This user no longer exists RE: Cat. 4 Threat
Member 10th Dec, 2008 15:58
on 10th Dec, 2008 10:45, brownimfc wrote:
Unfortunately, that version of Java breaks a lot of plugins for FF.

http://forums.java.net/jive/thread.jspa?messageID=...
I don't use FF.

I use Opera 10 which blows FF away:
http://www.opera.com/browser/next
Was this reply relevant?
+0
-0
brownimfc RE: Cat. 4 Threat
Member 10th Dec, 2008 16:39
Score: 0
Posts: 3
User Since: 25th Apr 2008
System Score: N/A
Location: Rochdale, UK
on 10th Dec, 2008 15:58, wrote:
I don't use FF.

I use Opera 10 which blows FF away:
http://www.opera.com/browser/next[/quote]

It may do, personally I'm not to keen on FF but need to use it so I can use the Freecycle moderation plugin.
Was this reply relevant?
+0
-0
pmigliore RE: Cat. 4 Threat
Member 13th Dec, 2008 13:23
Score: 0
Posts: 2
User Since: 18th Nov 2008
System Score: N/A
Location: N/A
Secunia continues to claim a Java Threat for the most updated version.
What's going on here? Is Secunia being spoofed or should we just deinstall all JAVA SW form our systems as it is essentially telling us to do??
Was this reply relevant?
+0
-0
SweetPea RE: Cat. 4 Threat
Member 13th Dec, 2008 15:36
Score: 0
Posts: 1
User Since: 26th Apr 2008
System Score: N/A
Location: N/A
Last edited on 13th Dec, 2008 15:43
Java JRE can be installed all over the place depending on which application needed it and which version of JRE the application needs. The earlier suggestion to look at the folder location of the files which Secunia PSI found to be out may help. When in summary view, Hover over the Folder icon or when looking at the details of the out of date application, just click on the folder icon to open the folder. If the folders/exes are different from windows\system32\java.exe or program files\java\jrennnnn\bin\java.exe then you're looking at a custom java install which the standard upgrade or uninstall will not update or remove.

As others have noted, newer version of jre may break some applications, so it is wise to not remove the older version until you are satisfied that everything works. I typically rename or move the jre to a subfolder called old where ever I find it and then see whether the various java apps still works. You can then create an Ignore Rule for the old-subfolder (Settings tab) to stop PSI from scanning and reporting the old versions. Beware, though this will hide a vulnerability!

Good luck
Was this reply relevant?
+0
-0
Litisha RE: Cat. 4 Threat
Member 13th Dec, 2008 18:08
Score: 0
Posts: 21
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
YoKenny:
I was hoping you could help me. I had downloaded the JavaRa program and wanted to use JavaRa so it will automatically uninstall old stuff and update me with the new stuff. But it shows required files which I guess I have to check off, but it also has additional files jre-6u11-windows-i586-p-iftw.exe & jre-6u11-windows-i586-p-iftw-k.exe. How do I know if I should download this also. I'm not a computer person, I'm a little confused. I contacted Sun customer support but they would not give me an answer. They just kept giving me the links to the update and other forums. Please help, thank you.
Was this reply relevant?
+0
-0
This user no longer exists RE: Cat. 4 Threat
Member 13th Dec, 2008 19:35
Litisha, one is a on-line version that is quite small and is good if you want to update Java through the Internet and one is quite large and is good if you want to down load it then disconnect from the Internet then update Java.

jre-6u11-windows-i586-p-iftw-k.exe is the small one I think.

It does not matter which one you run as the end result is the same because you have v6 r11 installed.
Was this reply relevant?
+0
-0
Litisha RE: Cat. 4 Threat
Member 13th Dec, 2008 21:22
Score: 0
Posts: 21
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
THank you so much for your help.
Was this reply relevant?
+0
-0
jcohl001 RE: Cat. 4 Threat
Member 18th Dec, 2008 03:03
Score: 0
Posts: 1
User Since: 18th Dec 2008
System Score: N/A
Location: N/A
Thanks! http://raproducts.org did the trick
Was this reply relevant?
+0
-0
jegelskeraksel RE: Cat. 4 Threat
Member 26th Mar, 2009 17:32
Score: 0
Posts: 2
User Since: 28th Feb 2009
System Score: N/A
Location: N/A
on 26th Nov, 2008 16:51, JDHamilton wrote:
PSI is showing three entries as Cat. 4 threat. Clicking on solution button doesn't seem to do anything.

Was this reply relevant?
+0
-0
jegelskeraksel RE: Cat. 4 Threat
Member 26th Mar, 2009 17:34
Score: 0
Posts: 2
User Since: 28th Feb 2009
System Score: N/A
Location: N/A
on 26th Nov, 2008 17:24, Digerati wrote:
Interesting you got these just today - which ones? I ask because I too got 3 errors - two Cat4. The two Cat-4 both SunJava JRE 1.6.x/6.x.

Was this reply relevant?
+0
-0

This thread has been marked as locked.