Solved: Java securityexception error on Web VPN

Florian Ostkamp · ‎10-21-2013

Hello,

I have a problem with my Cisco ASA 5510 Clientless SSL Webvpn.

After Oracle updates its Java Version, our JAVA Webportal ist not completly working.

Our clientless SSL Web Portal is running on a Cisco ASA 5510 with Version 9.1.3.

On this portal we provide the JAVA RDP Plugin and the JAVA Citrix Plugin.

All Java Plugins are working with Java 7 Update 25.

But with the newest Version Java 7 Update 45 it is not working.

It is comming the following Error.

-----------------------------------

"SecurityException"

com.sun.deploy.net.JARSigningException: Unsignierter Eintrag gefunden in Ressource:

https://XXXXXXX/ica/JICA-configN.jar

---------------------------------

XX=our portal-url

Has somebody the same problem?

I need a solution, because we are using this solution for round about 200 User.

Thank you very much.

Florian

Mohammad Alhyari · ‎10-22-2013

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
CSCuj88114

Sent from Cisco Technical Support Android App

View solution in original post

Gordon Ross · ‎12-10-2013

9.1.4 was released on the 9th December which claims to fix this bug.

GTG

Please rate all helpful posts.

View solution in original post

Jouni Forss · ‎10-21-2013

Hi,

We dont have much use for Clientless VPN environments and I have not been the person responsible for managing them (until now when one of our employees changed employer)

Though we only had reports from a single user and had to resort to changing to Java SE 6 Update 45. Though even then it seemed that Internet Explorer wouldnt work and "had" to use Firefox.

I have personally not run into many problems with Java as I have not managed Clientless VPN environments (until now) and I have never really used ASAs ASDM so usually the quickest choice would be to downgrade.

Though I would really love to have a proper solution to this myself also without resorting to downgrading each time a problem occurs.

In our situation the problematic situation doesnt show the error message that you are seeing each time. We have a bookmark for the user to use initiate RDP session which before changing the Java SE to 6 Update 45 resulted in the WebVPN portal just reloading the portal page without any error message or other output whatsoever.

- Jouni

jsalmonson · ‎10-22-2013

We are experiencing the same issue with Chrome/FF. IE seems to be OK. Java v7 r45 that updated today. Did anyone find a fix?

Here's the error's details.

Java Plug-in 10.45.2.18

Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM

User home directory = C:\Documents and Settings\name

----------------------------------------------------

CacheEntry[https://dn/CACHE/sdesktop/install/binaries/instjava.jar]: updateAvailable=false,lastModified=Wed Dec 31 19:00:00 EST 1969,length=117093

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Tue Oct 22 11:26:52 EDT 2013 Retrieved CSD stub path: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:52 EDT 2013 CSD stub will be downloaded

Tue Oct 22 11:26:52 EDT 2013 Download url : https://dn/CACHE/sdesktop/hostscan/windows_i386/cstub.exe

Tue Oct 22 11:26:52 EDT 2013 Download path : C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 Downloaded https://dn/CACHE/sdesktop/hostscan/windows_i386/cstub.exe to C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 file signature verification PASS: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 Spawned CSD stub.

jsalmonson · ‎10-23-2013

Here's my fix:

Install RE v7.025

Remove RE v7.045

Reduce the security level in Java to MED

I hope Cisco gets off of the Java engine soon.

Mohammad Alhyari · ‎10-22-2013

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
CSCuj88114

Sent from Cisco Technical Support Android App

S M85 · ‎10-25-2013

Mohammed,

Is cisco going to release an update of the RDP plugin. It seems that Cisco do not comply with the requirements of Oracle related to signing the java applets? I'm not sure if I'm right because I do not understand all the java gibberish. All I know it is very anoying ;-)

https://blogs.oracle.com/java-platform-group/entry/updated_security_baseline_7u45_impacts

Gordon Ross · ‎12-10-2013

9.1.4 was released on the 9th December which claims to fix this bug.

GTG

Please rate all helpful posts.

Gordon Ross · ‎01-31-2014

This bug is now showing as fixed - But not for the latest 9.1(4) software.

GTG

Please rate all helpful posts.

ictbeheer01 · ‎05-22-2014

i'm now running asa 9.2.1 still same problem

markorchard · ‎10-23-2013

Hi,

I've been having the same issue with users after they upgraded to Java 7 Update 45.

Error states: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: https://FQDN/+CSCO+guid++/rdp/properJavaRDP14-1.1.jar

I have downloaded the latest Terminal Service Client Plugin for ASA from the download site but that has made no difference.

I have unzipped the jar and remove references to any signing and re-archived the jar file but still not working.

I have set Java security settings to medium but it still does not work.

Has anyone managed to get this working at all?

DPC · ‎10-24-2013

The workaround posted in the Cisco Bug is to uncheck the setting "Keep temporary files on my computer" which is found in the Java Control Panel under the General Tab / Temporary Internet Files / Settings ...

This workaround has worked for me with Jave 7 Update 45 on both PC and Mac.

djlombardi · ‎10-27-2013

David Charlebois wrote:

The workaround posted in the Cisco Bug is to uncheck the setting "Keep temporary files on my computer" which is found in the Java Control Panel under the General Tab / Temporary Internet Files / Settings ...

This workaround has worked for me with Jave 7 Update 45 on both PC and Mac.

Hi David,

Thanks very much that fixed the issue for me as well. I've tested on PC with IE, Firefox and Chrome and can confirm they work as expected.

Regards

David

uffe.doygaard · ‎10-31-2013

Can you post the Bug ID?

/hamderdoygaard

DPC · ‎10-31-2013

CSCuj88114

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45

Symptom:
ASA WebVPN Java Plugins fail to load after upgrade to Java 7 Update 45 with the following General Exception error - 'com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: https:///+CSCO+xxxxxxxxxxxxxxxxxxxxxxx++/vnc/VncViewer.jar'

Conditions:
Windows or Mac OSX machines using Java 7 Update 45.

Workaround:
1) Disable the option 'Keep temporary files on my computer' on the Java Control Panel -> General -> Settings. This works for both Mac OSX and Windows.

2) Downgrade Java to version 7 Update 40 or below.

Further Problem Description:

Bart van Dam · ‎11-06-2013

Hi,

I see that the status of this bug is fixed. How come that the bug ID is not mentioned in the release notes of the latest 9.1.3 intrim update ? Does the 9.1.3 intrim software update fix this issue ? Or did i overlook something ?