https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343312#M734932 Hello VK2COT,<BR /><BR />Thank for your reply.<BR /><BR />Sorry for refering wrong ID.<BR /><BR />The vulnerabilities I am checking is VUPEN/ADV-2008-3339<BR /><BR /><A href="http://www.vupen.com/english/advisories/2008/3339" target="_blank">http://www.vupen.com/english/advisories/2008/3339</A><BR /> Fri, 23 Jan 2009 06:08:18 GMT godchild_ii 2009-01-23T06:08:18Z https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343310#M734930 <BR />Dear all,<BR /><BR />I just received a warning on java vulnerabilities, CVE-2008-3339. The suggestion is to upgrade the java to 5.0 update 17.<BR /><BR />However currently the latest java in hpux is 1.5.0.14, which includes sun java 1.5.0.16FCS.<BR /><BR />Is it true that hpux java 1.5.0.14 can't fixes the vulnerabilities? And if it can't, when will the later version of java release to fix it?<BR /><BR />Thanks and regards,<BR />Godchild. Fri, 23 Jan 2009 04:03:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343310#M734930 godchild_ii 2009-01-23T04:03:22Z https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343311#M734931 Hello,<BR /><BR />Are you sure you got the correct CVE.<BR /><BR />CVE-20098-3339 actually talks about:<BR /><BR />QUOTE<BR />search_result.cfm in Jobbex JobSite allows<BR />remote attackers to obtain sensitive<BR />information via unspecified vectors that<BR />reveal the installation path in an error<BR />message.<BR /><BR />It contains flaws that allow remote SQL<BR />injection attacks and cross site scripting.<BR /><BR />SQLi occurs where the "jobstateid" and<BR />"jobcountryid" don't properly sanitize input<BR />submitted to the search_result.cfm script.<BR />This may allow an attacker to inject or manipulate SQL queries in the backend database.<BR />END QUOTE<BR /><BR />Could you please share the document where you<BR />found reference to Java to 5.0 update 17<BR />on HP-UX?<BR /><BR />The latest Java JDK/JRE at HP is<BR />version 6.0.2.<BR /><BR />Cheers,<BR /><BR />VK2COT Fri, 23 Jan 2009 05:04:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343311#M734931 VK2COT 2009-01-23T05:04:21Z https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343312#M734932 Hello VK2COT,<BR /><BR />Thank for your reply.<BR /><BR />Sorry for refering wrong ID.<BR /><BR />The vulnerabilities I am checking is VUPEN/ADV-2008-3339<BR /><BR /><A href="http://www.vupen.com/english/advisories/2008/3339" target="_blank">http://www.vupen.com/english/advisories/2008/3339</A><BR /> Fri, 23 Jan 2009 06:08:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/java-multiple-vulnerabilities/m-p/4343312#M734932 godchild_ii 2009-01-23T06:08:18Z