JaiPagare
Occasional Contributor

8.3.1 webtier upgrade. Java/JDK/JRE Version


Hello all,

With the recent Web Tier patch 8.3.1 announced, what version of Java/JRE is supported? Currently in my system we have JRE 6 & 7 installed in mixed mode.

1. Can I proceed with the upgrade with JRE 6 and 7, which are installed in mixed mode?
2. Is the latest JRE 10 supported for the 8.3.1 webtier upgrade?


Accepted Solutions
SeanDoyle
Trusted Contributor

Upgrade to 8.3 Patch 1, which embeds Oracle JRA 1.7 Update 171-b31 and addresses a number of other vulnerabilities.

CVE-2014-0411 .. affects JRE/JDK 1.7_51+

               http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

CVE-2015-2808 .. fixed in 1.7_80+

               https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2808

               http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA

CVE-2015-7575 .. fixed in JRE 1.7.95+

               https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7575

               http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA

Other patches in 8.3.0.1 (8.3 Patch 1) .. this is a partial list:


Oracle WebLogic Server
CVE-2017-5645, CVE-2018-2625

Oracle Java
CVE-2018-2633, CVE-2018-2637, CVE-2018-2634, CVE-2018-2641, CVE-2018-2618, CVE-2018-2629, CVE-2018-2603, CVE-2018-2657, CVE-2018-2599, CVE-2018-2581, CVE-2018-2602, CVE-2018-2677, CVE-2018-2678, CVE-2018-2588, CVE-2018-2663, CVE-2018-2579
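
The reply above writes Java 7 update levels three different ways (1.7.0_171-b31, 1.7_80, 1.7.95). As an added example, not code from the post or from RSA, the sketch below normalizes those notations and reports which of the two "fixed in" levels quoted above a given JRE has not reached. The sample `java -version` text is constructed, and comparing update numbers is a coarse check that says nothing about the other CVEs listed.

```python
import re

# "Fixed in" Java 7 update levels, taken from the reply above.
FIXED_IN_7U = {"CVE-2015-2808": 80, "CVE-2015-7575": 95}

# Legacy 1.x notations: 1.7.0_171-b31, 1.7_80, 1.7.95, 1.7.0 (GA, update 0).
# The lookbehind stops "11.0.2" from being misread as a 1.x string.
_LEGACY = re.compile(r"(?<![\d.])1\.(\d+)(?:\.0)?[._](\d+)")


def parse_legacy_java(text):
    """Return (major, update) for a 1.x version string, else None."""
    m = _LEGACY.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def below_fix_level(text):
    """List the CVEs above whose Java 7 fix level this JRE has not reached.

    Returns None when the string is not a Java 7 version, because the
    update numbers in FIXED_IN_7U are only comparable within Java 7.
    """
    parsed = parse_legacy_java(text)
    if parsed is None or parsed[0] != 7:
        return None
    return sorted(c for c, fix in FIXED_IN_7U.items() if parsed[1] < fix)


# Constructed sample of `java -version` output (not captured from a Web Tier).
SAMPLE = (
    'java version "1.7.0_171"\n'
    "Java(TM) SE Runtime Environment (build 1.7.0_171-b31)"
)

if __name__ == "__main__":
    for s in (SAMPLE, "1.7.0_79", "1.7_80", "1.6.0_45", "10.0.1"):
        print(repr(s.splitlines()[0]), "->", below_fix_level(s))
```

Run it against the output of the `java -version` belonging to the JRE the Web Tier actually embeds, since other JREs installed on the server are ignored by it.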


8 Replies
SeanDoyle
Trusted Contributor

The Webtier has an embedded JRE package.. it ignores any other JRE/JDK installs on the server it installs on. The 8.3 Patch 1 patches all known vulnerabilities.

JaiPagare
Occasional Contributor

Thank you Sean,

To remediate the latest CVEs I am forced to upgrade JDK/JRE versions to the latest. I am skeptical about what the custom Web portal behavior will be (I mean, will it break) if I upgrade JDK/JRE from 7 to 10?

What is the recommended JRE/JDK version for Web tier 8.3.1?

SeanDoyle
Trusted Contributor

Hmm.. have you opened tickets with RSA CS on the CVEs in question? The Webtier does not support JRE 10 and can't be modified without breaking it.

JaiPagare
Occasional Contributor

Not yet. Let me know if you think I should open a ticket, please.


JaiPagare
Occasional Contributor

Thanks Sean

Which is the closest JDK/JRE supported by WebTier 8.3? With 10 being the latest and not supported by WebTier; I have JRE 6 & 7 installed in mixed mode.


As Sean Doyle indicated, the Web Tier installs its own Java 1.7, and uses its own Java 1.7, independent of whatever other Java may have been on the machine. Web Tier 8.3.0.1.0 uses Oracle JRA 1.7 Update 171-b31.

JaiPagare
Occasional Contributor

Thanks Edward & Sean,

I got 10.8 JRE installed and pointed the WebTier JRE_HOME directory to 1.8.

How should I proceed with removing/disabling 1.6 & 1.7, which are in mixed mode?
