Knowledge Base & Discussion Forum

Java Version Security Concern

Moderator: Support Team

Post by racassel » Sun Feb 10, 2013 1:35 pm

5.5.8.2 OBM and OBSR run on Java 1.60_23?

Can the Java be updated to the latest 7 Version 13 released by Sun, plugging 50 critical security holes from the previous version 7?

How to upgrade OBM, ACB and OBSR to the latest Java?

Post by racassel » Wed Feb 27, 2013 10:59 pm

Ahsay.. Please reply?

Post by PG » Thu Feb 28, 2013 11:09 am

I've looked at these vulnerabilities, but they really are not relevant, as the only web service the out-of-date JVM is connecting to is your OBS server.

However, you can just replace the jvm folder with a newer one and it will work, but be sure to make a copy of javaw.exe and rename it to be BJw.exe as well.

Post by Scherring » Thu Feb 28, 2013 12:03 pm

PG is right. The recent Java security hole only affects Java applets, not Java applications. Therefore, it doesn't affect any version of AhsayOBM, AhsayACB, AhsayOBS, AhsayRPS and AhsayRDR at all. There is no need to update the bundled Java in these products to correct any security problem.
Scherring Chong
Founder & Vice Chairman
Ahsay Backup

Post by racassel » Sat Mar 09, 2013 9:56 am

I would tend to disagree with Scherring's assessment based on the information below obtained by light research. It appears that Java server side is vulnerable to exploits.

http://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf

Facing the ever-increasing demand by consumers for transparency in regards to computer security issues, has Ahsay employed any third-party independent testing in regards to server side exploits? If so, can the clean bill-of-health results be released to customers? This would also apply to the many open source products used for the web platform: Tomcat, bouncycastle, Apache 1.1 (current license version reference found in license folder of OBM).

What version of Apache are you shipping with 6.11?

http://nakedsecurity.sophos.com/2011/08/26/apache-exploit-leaves-up-to-65-of-all-websites-vulnerable/

Post by racassel » Sat Mar 09, 2013 10:09 am

Reading a little more on this, I think the product ships with 1.2xxx version of Tomcat. Tomcat would then be the greater cause for concern versus Java. Looking over the patches for Tomcat 7, I am shaking in my boots running 1.2xxxx. Is it advisable to upgrade Ahsay OBSR to latest version of Tomcat, and keep it up to date?

http://tomcat.apache.org/security-7.html



A wholly owned subsidiary of Ahsay Backup Software Development Company Limited  [HKEx Stock Code: 8290]