Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Sun Java JRE 1.6.x/6.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Oracle Java JRE 1.6.x / 6.x

This thread has been marked as locked.
jaw001 Sun Java JRE 1.6.x/6.x
Member 9th Jul, 2010 17:40
Ranking: -9
Posts: 6
User Since: 12th Feb, 2010
System Score: N/A
Location: N/A
I am trying to apply a fix to Sun Java, a category 4 threat. The threat does not disappear after applying. Checked JAVA in control panel and have Standard Edition 6, Version 6 Update 20, build 1.6.0_20-602. Should I just ignore the threat on PSI?

Maurice Joyce RE: Sun Java JRE 1.6.x/6.x
Handling Contributor 9th Jul, 2010 18:13
Score: 11580
Posts: 8,893
User Since: 4th Jan 2009
System Score: N/A
Location: UK
JAVA PROBLEMS
=============
Can be used with Windows XP,Vista & Windows 7 - 32 & 64 Bit Systems.

[b]Windows works perfectly well without JAVA.On that basis,U can safely uninstall the lot via Control Panel>Add/Remove. If U change your mind later due to programme dependencies just install & test the latest version from the links provided below.


If U prefer to permanently retain JAVA (many users do) see below:

The following fix is for the more widely used 32 Bit system.(By default 64 Bit systems still use the 32 Bit Browser) Details for a 64 Bit Browser are in PART 3.

PART 1
AUTOMATIC UPDATING OF JAVA
~~~~~~~~~~~~~~~~~~~~~~~~~~
1. If U are using PSI version 1.9.0.2 have U tried the Auto Update feature supplied? If not, it is worth a go.
2. If using PSI 1.5.0.2 Go to Start>Control Panel>click on the JAVA icon>select the Update tab>click the Update Now button.

If these options are not available or do not work try this:

MANUAL UPDATING OF 32 BIT JAVA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Click this link & select run from here:
http://www.java.com/en/download/manual.jsp (select 32 Bit)

To test your JAVA is working correctly use this test link:
http://java.com/en/download/help/testvm.xml

As normal,reboot,carry out a full PSI scan & all should be in order. If not,go to Start>Control Panel>Add/Remove & uninstall ALL version of JAVA(TM),JRE,JSE or JDK that U can see EXCEPT for JAVA(TM) 6 Update 20.

Rescan. In the unlikely event of a vulnerability still showing scroll down to PART 2


OPTIONAL EXTRA'S AFTER UPDATING BY WHATEVER METHOD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Go to Control Panel>JAVA icon>Update Tab and take the tick (check mark) out of box marked "Check for updates auto ....." (This will prevent a Java updater notification from starting each time U switch on your PC - PSI is already doing this job for U)

2. If U prefer not to have the JAVA icon in the System Tray when in use, open the Advanced Tab>look for Miscellaneous>click the + sign & then remove the tick from clearly marked box.

3. U may also wish to speed up your browser by clearing out the JAVA cache & permanently lowering the quota allocation. If U are unsure how to do this post back for more information.

++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++
PART 2

Use the method below as a last resort.

CLEARING OUT OLD JAVA DROSS (32 Bit)
~~~~~~~~~~~~~~~~~~~~~~~~~~~
If U have completed all the above actions & still have a problem it is because the new JAVA uninstaller only removes the previous version. U could still have very old JAVA dross on your system. Try this:

1.Install or double check U have the latest JAVA version (Currently Version 6 Update 20)from here:

http://www.java.com/en/download/manual.jsp (select 32 Bit)

2.This tool will remove all the old dross except for the version U have just installed. Click here:

http://raproducts.org/

*This link takes U to the site - select the Windows Binary (zip) option.
*This will lead U to Sourceforge.net to download it.
*Save the download to desktop.
*Activate the desktop zip icon which exposes the JAVARA EXE file. Click it
*Select RUN when asked.
*Select your language.
*The tool will now appear on the desktop - select REMOVE OLDER VERSIONS
*Once complete select ADDITIONAL TASKS - tick all boxes & activate.
*Right click on the desktop JAVARA zip file & delete it.

3.To test your JAVA is working correctly use this test link: http://java.com/en/download/help/testvm.xml

PART 3

a.If U have, but do not use your 64 Bit Browser, there is no requirement for Java 64 Bit to be installed.If already installed it can safely be removed via Control Panel>Add/Remove (64 Bit versions are clearly marked 64 if U have any)

b.To update this version click here: http://www.java.com/en/download/manual.jsp (select 64 Bit)

c.U can use the 32 Bit browser to install the 64 Bit version.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.


Version 6 17:29 08/07/2010


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+5
-0
Jersey_Devil RE: Sun Java JRE 1.6.x/6.x
Member 9th Jul, 2010 22:13
Score: 9
Posts: 26
User Since: 29th Apr 2010
System Score: N/A
Location: US
Last edited on 9th Jul, 2010 22:19
@Maurice Jones:

Thank you, kind sir, for your detailed explanation above re: ALL THINGS JAVA. The comprehensive & immaculately presented details are so precise and simple that "Even a caveman (like MOI) can do it"LOL.

You, you got a gift,my friend! You're VERY VERY GOOD, YOU!
http://www.youtube.com/watch?v=iZtbASCE7ZY

On the subject of Java, FileHippo alerted me of an update to Java JRE v1.6.0.21. Upon scanning, PSI detected Java RE v1.6.0.20 installed and patched on my box. My question is this: Was the update to v1.6.0.21 merely a "performance" update (and as such would not be "reported" by PSI) or is it a security patch and PSI has not yet updated it's definitions to reflect this patch?

Thank you again for your invaluable contributions to this forum, it is one of the unknown "perks" that come along with the installed features of this outstanding program.

Respectfully,
"The Devil"

FileHippo DL link JRE v1.6.0.21: http://www.filehippo.com/download_jre_32/

--
Gateway NV59C
Win 7 HP SP1 x64, XP Home SP3
FFox latest Ex-PLODE-r 11
PSI v2 MVPS Hosts
Avast 9 FREE
Was this reply relevant?
+2
-0
Maurice Joyce RE: Sun Java JRE 1.6.x/6.x
Handling Contributor 9th Jul, 2010 23:46
Score: 11580
Posts: 8,893
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 10th Jul, 2010 00:02
It is cosmetic & bug fixes that Secunia do not report on.

Still a good idea to update. I will amend my advice - thank you.

Edit: Just tested the latest release - PSI reports it as secure.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+4
-0
jwitt007 RE: Sun Java JRE 1.6.x/6.x
Member 10th Jul, 2010 00:08
Score: -1
Posts: 2
User Since: 4th Jul 2010
System Score: N/A
Location: US
Just did the PSI update and risk for Sun Java disappeared.
Was this reply relevant?
+0
-0
Jersey_Devil RE: Sun Java JRE 1.6.x/6.x
Member 10th Jul, 2010 00:17
Score: 9
Posts: 26
User Since: 29th Apr 2010
System Score: N/A
Location: US
Last edited on 10th Jul, 2010 00:18
on 9th Jul, 2010 23:46, Maurice Joyce wrote:
It is cosmetic & bug fixes that Secunia do not report on.

Still a good idea to update. I will amend my advice - thank you.

Edit: Just tested the latest release - PSI reports it as secure.

Thank you, I also updated & PSI reported the new version as secure--I neglected to add that to my OP. (I'm getting prematurely senile, methinks)

--
Gateway NV59C
Win 7 HP SP1 x64, XP Home SP3
FFox latest Ex-PLODE-r 11
PSI v2 MVPS Hosts
Avast 9 FREE
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability