Solved: Re: Java dos

darin.marais · ‎05-10-2004

I was wondering if Cisco would be able to shed some more light on how this vulnerability would effect, if at all, the VMS 2.2 installations.

Sun announced a DOS vulnerability in the JRE today on May 6 which may allow a remote unprivileged user to cause the Java Virtual Machine to become unresponsive

The announcement:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555

SDK and JRE releases are available at:http://java.sun.com/j2se/

SDK and JRE 1.4.2_03 or earlier 1.4.2 releases are affected.

gfullage · ‎05-17-2004

VMS 2.2 Update 1 comes with Java Plug-in 1.4.1_02, so this particular vulnerability shouldn't be an issue.

Having said that 1.4.1_02 had some vulnerabilities of it's own as seen here:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221

You can upgrade VMS to 1.2.1_05 if you like by following the procedures outlined in the Update 1 Release Notes here:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_release_note09186a00801ca636.html#wp91738

You can download 1.2.1_05 from here:

http://java.sun.com/products/archive/j2se/1.4.1_05/index.html

Hope that helps.

View solution in original post

gfullage · ‎05-17-2004