Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Oracle Java JRE 1.6.x / 6.x

This thread has been marked as locked.
pctechie Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 4th Aug, 2009 08:24
Ranking: 0
Posts: 3
User Since: 3rd Mar, 2009
System Score: N/A
Location: N/A
Hi,
I am running Vista 64bit, and Secunia secure browsing keeps alerting me that sun java jre 1.6x/6.x is insecure with no solution. I have read the other posts, but can't seem to find a resolution. I am running the current version (14)and have no earlier versions installed. Why am I still getting the insecure message? Any help would be appreciated.
Thanks,
PCTECHIE

Maurice Joyce RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Handling Contributor 4th Aug, 2009 09:56
Score: 11581
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
U have answered your own question. There is no solution. We are all waiting for Sun Java to fix it.

Word is on the street that it could be released today.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
thomasG RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 4th Aug, 2009 12:49
Score: 0
Posts: 5
User Since: 21st Jun 2009
System Score: N/A
Location: US
If you look under the Patched column I'll bet you find the JRE 1.6x is listed as patched.
Surprise, figure that out!

--
thomasG
Was this reply relevant?
+0
-0
Maurice Joyce RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Handling Contributor 4th Aug, 2009 14:17
Score: 11581
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is patched as far as a user can go hence the entry in the patched section. Perfectly correct entry.

The Insecure browser section gives U more facts so U can decide what to do pending the update.

Uninstall? A PC works perfectly well without JAVA.

Ride out the storm by being caution on the web.

Secunia is merely giving the facts leaving the user to decide.





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
pengwyn RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 5th Aug, 2009 09:55
Score: 5
Posts: 24
User Since: 6th Mar 2009
System Score: N/A
Location: Sacramento, N/A
I notice today Version 6 Update 15 (build 1.6.0_15-b03)
is out, but has not fixed the secure Browsing problems.
Was this reply relevant?
+0
-0
Argonaut RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 5th Aug, 2009 12:51
Score: 0
Posts: 2
User Since: 24th Oct 2008
System Score: N/A
Location: N/A
Sun microsystems has issued a new version today (5.8) of Java runtime 1.6 update 15, but it seems to me that my 32-bit Vista SP2 is not accepting itīs installation. An error code pops up and terminates the installation process. I cannot use my internet banking services because there is no JAVA installed on my computer. MSI installer cannot unzip the installation package and says that you should try later. That is annoying and makes difficult to take care of my business.

Harri
Was this reply relevant?
+0
-0
Maurice Joyce RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Handling Contributor 5th Aug, 2009 13:01
Score: 11581
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Harri,
Try this link
http://www.filehippo.com/download_java_runtime/tec...

Save it to desktop & install it from there.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
bjm__ RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 5th Aug, 2009 13:29
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 5th Aug, 2009 15:30
Hi pengwyn,

Had same experience.

Installed Update 15 from Java site after I uninstalled Update 14 with Glary Utilities Uninstall Manager. Uninstall Manager displayed uninstall info from Update 11. So, I guess I cleaned out allot of old dross / remnants.
PSI still reports Insecure.
Release Notes > http://java.sun.com/javase/6/webnotes/6u15.html
Bug Fixes
This release contains fixes for one or more security vulnerabilities.
Maybe still some unfixed vulnerabilities. Buyer beware?
If you don't visit sites that have java applets and if you don't use any java-dependent programs, then you don't need java installed.
Secunia OSI requires Java.
Secunia PSI does not require Java.
The program can be exploited even when not in use.
I've updated to 15 and have disabled IE add-ons and FF plug-ins.
Very limited use platform for my needs.

Regards
bjm-
Was this reply relevant?
+0
-0
Argonaut RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 5th Aug, 2009 14:04
Score: 0
Posts: 2
User Since: 24th Oct 2008
System Score: N/A
Location: N/A
The solution to my installation problem in Vista PC was easy, simply uninstall all the old versions of JAVA RE, Which usually can be found in the program files folder. Then load the new version JRE 1.6 update 15. The filehippo link was not helping either to the original issue, but thanks anyway. I realize that the filehippo file was differently compressed than the one you get from Sun microsystems.

Harri
Was this reply relevant?
+0
-0
Maurice Joyce RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Handling Contributor 5th Aug, 2009 14:13
Score: 11581
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Secunia Support have just confirmed to me by email that despite updating to version 6 Update 15 the vulnerability reported by them in the Insecure Browser Section remains unchanged.

That is supported in that the techical details for the update states it is a bug fix only.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Dwarden RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 5th Aug, 2009 15:57
Score: 0
Posts: 17
User Since: 23rd Dec 2007
System Score: 100%
Location: CZ
my observation after install of 1.6.0_15 :


PSI reports these vulnerabilities unfixed:

SA34451 , according to Secunia this was fixed already 2 Java builds back (1.6.0_13)

SA35853 , according to secunia these are unfixed, according to CERT this was supposed to be fixed by actual release from SUN

so now tell me how come the PSI is unable to properly detect installed version SUN JRE/JSE ?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Handling Contributor 5th Aug, 2009 19:57
Score: 11581
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Just rescanned JAVA and the vulnerability in the Insecure Browser Section is showing as patched!
The mind boggles!!!!!!

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
wr RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Contributor 5th Aug, 2009 20:42
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 5th Aug, 2009 20:47
Hi bjm
I noticed that our procedures for working with Java(tm) are quite similar, the only difference being the 3rd party utility to uninstall. I use VS Revo Uninstaller. First thing I did after booting was to run FileHippo Update Checker which reported that update 15 from Java(tm) was available for download, which I did from their location-saved it to Desktop-opened Revo & ran uninstaller in the Moderate mode & just as it finished uninstalling a balloon notification from PSI informed me the update 14 had been removed-rebooted-ran Java(tm) installer(MSI) then deleted installer with another 3rd party program Window Washer(tm). Again after the new install PSI informed me the new program had been installed-checked in Patched programs & it showed update v. correctly with a Cat 4 threat & in the Secure browser section FF is now green boxed-secure-as I had already updated FF to 3.5.2-the only thing left is for M$ to get on the ball & patch IE8. Happy Cybersurfing.

Regards, wr

EDIT: To Maurice, I noticed the same thing after seeing some posts here on the Forum-as a matter of fact before updating from 14 to 15, 14 was showing as secure-GO FIGURE!!

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
andygo44 RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 9th Aug, 2009 16:27
Score: 0
Posts: 1
User Since: 3rd Jul 2009
System Score: N/A
Location: N/A
on 4th Aug, 2009 08:24, pctechie wrote:
Hi,
I am running Vista 64bit, and Secunia secure browsing keeps alerting me that sun java jre 1.6x/6.x is insecure with no solution. I have read the other posts, but can't seem to find a resolution. I am running the current version (14)and have no earlier versions installed. Why am I still getting the insecure message? Any help would be appreciated.
Thanks,
PCTECHIE

Was this reply relevant?
+0
-0
SteveSBE RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 9th Aug, 2009 17:49
Score: 0
Posts: 1
User Since: 7th Nov 2008
System Score: N/A
Location: N/A
For Vista... I had uninstalled all old Java versions in "remove programs". Because of an unrelated issue I uninstalled v1.6. When I tried to reinstall, I got an error that said something to the effect that the "core files failed to unzip". I ended up deleting all temp folders on my C drive and in the Windows directory (but not in other program's directories) and it installed fine. Sun had a solution for Windows XP on their site.
Was this reply relevant?
+0
-0
bjm__ RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 9th Aug, 2009 22:18
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 9th Aug, 2009 22:22
andygo44,

If your asking the same issue as PCTECHIE.
Please view this thread post from Maurice Joyce > http://secunia.com/community/forum/thread/show/236...

Some have used an uninstall utility as offered in this thread better than Control Panel to remove all Java dross/remnants prior to new install from Java or Filehippo
Sun Java jre 1.6x/6.x is secure at this time and should report as such.
Regards
bjm-
Was this reply relevant?
+0
-0
ginflo RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 4th Jan, 2010 06:31
Score: 0
Posts: 2
User Since: 7th Sep 2009
System Score: N/A
Location: N/A
Last edited on 4th Jan, 2010 07:00
on 4th Aug, 2009 08:24, pctechie wrote:
Hi,
I am running XP 32bit, and Secunia secure browsing keeps alerting me that sun java jre 1.6x/6.x is insecure with no solution. I have read the other posts, but can't seem to find a resolution. I am running the current version (15)and have no earlier versions installed. Why am I still getting the insecure message? Any help would be appreciated.
Thanks,
PCTECHIE

Was this reply relevant?
+0
-0
ginflo RE: Help Please!! Secure Browsing Alert: JRE 1.6x is insecure w/out a solution
Member 4th Jan, 2010 07:00
Score: 0
Posts: 2
User Since: 7th Sep 2009
System Score: N/A
Location: N/A
on 4th Aug, 2009 08:24, pctechie wrote:
Hi,
I am running Vista 64bit, and Secunia secure browsing keeps alerting me that sun java jre 1.6x/6.x is insecure with no solution. I have read the other posts, but can't seem to find a resolution. I am running the current version (14)and have no earlier versions installed. Why am I still getting the insecure message? Any help would be appreciated.
Thanks,
PCTECHIE

Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability