Forum Thread: scan hasn't picked up installation if Sun Java v1.7.0.1

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Oracle Java JRE 1.6.x / 6.x

This thread has been marked as locked.
taffy078 scan hasn't picked up installation if Sun Java v1.7.0.1
Contributor 20th Nov, 2011 08:04
Ranking: 408
Posts: 1,352
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
I've resolved scan problems that I flagged up in http://secunia.com/community/forum/thread/show/117...

but bdmeyere hasn't - yet.

My scan worked fine this morning but there's a strange result - PSI is telling me that I have Sun Java JRE v6.0.2603 (=v1.6.0.2603) 32- and 64-bit, that it's vulnerable and that an update is scheduled. But I've installed this manually from Sun website - twice - i.e. v1.7.0.1.

This happened a few weeks ago - see my post in http://secunia.com/community/forum/thread/show/116...

At that time a scan said exactly the same thing so I installed it manually then.

So why is PSI still saying I have v.6.0.2602 - it's shown as in my C:\program files so I could look for it and delete it of course.

But
(1) why is the scan not recognising v1.7.0.1?
(2) why is the automatic updater not updating? and
(3) why isn't v1.7 in the "list of specific programs"? Do I need to tell Secunia via "missing program?"?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

taffy078 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Contributor 20th Nov, 2011 08:13
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I've manually deleted the JRE6 folders and now have 100% but my questions are still valid, especially #3.

Any thoughts please?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Maurice Joyce RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Handling Contributor 20th Nov, 2011 09:43
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
JAVA is already registered with Secunia.

I have just installed the 32Bit version on my test machine. It shows in the Scan results page as version 7.0.10.8 & in the Secure Browsing section .

It will not show in the Secure Browsing section of PSI version 2.0.0.4003 until Secunia fix the known bug.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Anthony Wells RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Expert Contributor 20th Nov, 2011 10:27
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Nov, 2011 10:31
Hi taffy ,

1.7.x does NOT UPDATE 1.6.x it is an upgrade/platform change .

The latest version of 1.6.x is U29 and displays in the PSI under Sun in scan results .

1.7.x displays under Oracle .

Hope that is clear enough .

Anthony

EDIT : @bdmeyer has resolved her/his problem so you can lock your other thread .

--


It always seems impossible until it's done.
Nelson Mandela
taffy078 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Contributor 20th Nov, 2011 12:09
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hello, again! I admit to being confused; some locations here refer to Sun Java and others Oracle e.g.

My scan results show Oracle Java - (JRE 1.7 v7.0.10.8 is there, patched and OK.)
but my previous results showed Sun Java - (JRE 1.6 V6.0.2603 as vulnerable).
I've installed Sun Java v1.7.0.1 but it doesn't show in the results. Hence my confusion.

@Anthony: I installed Sun Java v1.7.0.1 after the PSI scan showed v6 as vulnerable (but couldn't auto-update it). FileHippo says v.1.7 "includes many security fixes". Thanks too for your edit. I'll close that shortly but I'm just about to post an update there.

@Maurice : I have had separate entries in Scan Results before for both Oracle & Sun Java - http://secunia.com/community/forum/thread/show/116...
so is the fact that Sun Java v1.7.0.1 doesn't appear, the bug to which you refer, Maurice?
When I wrote
(3) why isn't v1.7 in the "list of specific programs"? Do I need to tell Secunia via "missing program?"
I was referring to the fact that Sun JRE 1.7 is not shown in the list we use to create our new threads in 'Program' (when we select Vendor/Specific Program), rather than in the scan results. Oracle Java 1.7 is there!

Perhaps the sun is rising in my oracle, hence my pain and anguish. Another weekend spoiled by blasted PC update problems! Grrrrrrrrrrrhhhhhhhhhh.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Anthony Wells RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Expert Contributor 20th Nov, 2011 12:39
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Nov, 2011 12:49
Taffy ,

Oracle own Sun : so Sun Java JRE = Oracle (Sun) Java JRE ; it's the same thing exactly .

Your Oracle/Sun JRE U 26 (version 6.0.2603) is/was insecure as the PSI told you . The current "secure" version is U 29 (version 6.0.290.11) but still has unpatched vulnerabilities as per SA45173 and displayed as such in the PSI 2.0.0.3003 "secure browsing" module . Your updating problems were with the Oracle/Sun JRE 1.6.x platform and were not changed by loading the Oracle/Sun JRE 1.7.x platform .

Your Java JRE 1.7. is now called Oracle Java by the PSI and so you will not see it as Sun Java in the PSI unless you reload platform 1.6.x . It displays as "secure/up to date" , as version 7.0.10.8 and also fully patched in "secure browsing" ( if your version populates the module ).

Is that clearer ??

Anthony .

EDIT ; there is a Java site :-

http://java.com/en/

and an Oracle site :-

http://www.oracle.com/technetwork/java/index.html

If you search for a Sun site you get redirected to Oracle , so your downloads would not have come from a Sun site .

--


It always seems impossible until it's done.
Nelson Mandela
Maurice Joyce RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Handling Contributor 20th Nov, 2011 13:02
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I am not sure I fully understand all your points but here goes:

1. Sun no longer exists - it was taken over by Oracle some time ago. Slowly they are rebranding all Sun software to Oracle hence the "muddle".

2. The stable version of JAVA is JAVA 6 Update 29 & is offered by their link here:

http://www.java.com/en/download/ie_manual.jsp?loca...

As Anthony has explained it is registered by Secunia & is secure as far as possible.

3. FileHippo is an update scraper & has trawled its update link from the developer site.

4. As explained version 7 DOES appear as secure in the Scan Results page & in the Secure Browsing page. It does NOT appear in the Secure Browsing page if using PSI version 2.0.0.4003 because that version has one or two reported bugs.

This should not affect U as the bug fixes from version 2.0.0.3003 do not affect Windows XP as follows:

Version 2.0.0.4003 (18th October 2011)
This is a minor service release. If you are running Secunia PSI 2.0 without problems then there's no need to upgrade.
Fixed issue which caused the uninstallation/upgrade process to hang. (Windows 7 bug)

Version 2.0.0.4002 (31st August 2011)
This is a minor service release. If you are running Secunia PSI 2.0 without problems then there's no need to upgrade.
Enhanced integration with the Secunia CSI 5.0


5. When creating a thread in Programs it is registered. Go to Programs>Oracle Corporation>Oracle JAVA JRE 1.7.x/7x

I note Anthony has responded while I prepared this offline. Sorry for any duplicate information.

Tips of the Day.
1. Only use vendor or vendor nominated sites to update hardware drivers or software.

2. Only update having read & fully understood the release notes or the change log. The latest is not always the greatest & can lead to stability problems.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
MehulBhai RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Member 21st Nov, 2011 06:25
Score: 36
Posts: 12
User Since: 17th Jul 2011
System Score: N/A
Location: IN
And I would like to add to all the above that Java v1.7 is still in the testing stage and only available to developers, to ensure no major problems are found before they make it available on the java.com website for end users to download the latest version.
See here : http://www.java.com/en/download/faq/java7.xml
taffy078 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Contributor 21st Nov, 2011 09:49
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Well, where do I start?

Anthony, Maurice and Mehul Bhai - thank you for your very full & clear explanations. Much appreciated.

Lessons that I have learnt:

(1) Sun -> Oracle.

(2) No Sun JRE 1.7 in the list of programs that comes up when you start a new thread in Programs because JRE 1.6 is the last Sun-branded product.

(3) Never to install an update just because FileHippo says that I need to.
They didn't say that Java 1.7 is for programmers/developers, nor do cnet. Majorgeeks do, though, so in future I'll double-check FileHippo's suggestions with their site.

I've installed Java v1.6 update 29 and have uninstalled v1.7.0.1. I did it via the Control Panel as this is recommended by Sun/Oracle but it didn't remove the folder in Program Files/Java. I've done that manually.

Rescanned - still 100% - phew!

I'll leave this thread a few days before I lock it. Thanks again for your help


PS Leendert Kip had some issues with Java 1.7 per this thread: http://secunia.com/community/forum/thread/show/113...
I wonder if Leendert knows it's only for developers. Could Secunia email him?


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
MehulBhai RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Member 21st Nov, 2011 12:41
Score: 36
Posts: 12
User Since: 17th Jul 2011
System Score: N/A
Location: IN
Java 1.7 will be available after testing is completed.
Regarding the other thread you mention, you can also post there and inform him.
Leendert Kip scan hasn't picked up installation if Sun Java v1.7.0.1
Member 21st Nov, 2011 13:22
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 21st Nov, 2011 13:29
Hi Taffy, I read regularly in the forum to keep track on the info here. You are correct, I had some issues with Java 1.7 some time ago. I use File Hippo Updater which offered me that update. After that I read some remarks in the forum and investigated on the Java site. I indeed have read that 1.7 was not a beta but not yet intended for non-professional users or something like that. To be safe I uninstalled 1.7 and installed 6 update 29.

--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Mcd73165 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Member 21st Nov, 2011 16:42
Score: 7
Posts: 70
User Since: 13th May 2009
System Score: N/A
Location: US
In my case, PSI picked up on Oracle Java 1.7.01 but did not pick up on the Java Console for Firefox 7.0.01. The install.rdf file that is associated with it is installed and in its proper location. (C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA})
Anthony Wells RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Expert Contributor 21st Nov, 2011 17:49
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello @Mcd73165 ,

I note that you are referring to Firefox version 7.0.01 ; are you not aware that it contains a Highly critical vulnerability (!?) , as per SA46773 :-

http://secunia.com/advisories/46773/

Is your PSI not showing this in your scan results ?? It is recommended to upgrade to version 8.0. An insecure browser is a real gift to the bad guys .

There is a long history of the PSI failing to detect Ff Add-ons ( both extensions and plug-ins) , usually after an update ; as you rightly point out the version 7 of the Java Console is missing .

You might wish to propose the .rtf to Secunia :-

http://secunia.com/vulnerability_scanning/personal...

Let us know their response .

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
taffy078 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Contributor 21st Nov, 2011 17:55
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
@ MehulBhai - thanks. The other thread is locked but I now see Leendert has posted.

@Leendert. Good to hear from you again. Trusting you are well.

@Mcd73165: "but did not pick up on the Java Console for Firefox 7.0.01." Nor did it on mine - perhaps that's because it's in the testing stage? But PSI did pick up the v6, which it describes as "Java Console 6.x (extension for Firefox)".

My Firefox is v8.0.0.4325

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Leendert Kip scan hasn't picked up installation if Sun Java v1.7.0.1
Member 21st Nov, 2011 20:19
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
on 21st Nov, 2011 17:55, taffy078 wrote:
@Leendert. Good to hear from you again. Trusting you are well.

Yes OK and almost daily reading through the forum! But open my 'mouth' only in case I have to say something useful.


--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Mcd73165 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Member 22nd Nov, 2011 03:55
Score: 7
Posts: 70
User Since: 13th May 2009
System Score: N/A
Location: US
on 21st Nov, 2011 17:49, Anthony Wells wrote:
Hello @Mcd73165 ,

I note that you are referring to Firefox version 7.0.01 ; are you not aware that it contains a Highly critical vulnerability (!?) , as per SA46773 :-

http://secunia.com/advisories/46773/

Is your PSI not showing this in your scan results ?? It is recommended to upgrade to version 8.0. An insecure browser is a real gift to the bad guys .

There is a long history of the PSI failing to detect Ff Add-ons ( both extensions and plug-ins) , usually after an update ; as you rightly point out the version 7 of the Java Console is missing .

You might wish to propose the .rtf to Secunia :-


http://secunia.com/vulnerability_scanning/personal...

Let us know their response .

Take care

Anthony

Anthony, I have Firefox version 8 installed, not 7.01. I was referring to Java Console version 7.0.01. The previous Java Console version was 6.0.29 which PSI did detect.
taffy078 RE: scan hasn't picked up installation if Sun Java v1.7.0.1
Contributor 22nd Nov, 2011 08:33
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
@anthony: just to say that your 17:49 wasn't there when I was preparing my 17:55 post.
(It took me several minutes to compile as I had to open a second secunia screen.)

Your reply is much more expansive than mine so I hope that Mcd73165 takes your advice and lets us know what happens next.

@Leendert: good to know that you're here "in the background"! ;0)

I'll leave this thread open - it's raised (for me) some very interesting & helpful posts.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003