
Java 6 detection broken

Question asked by Richard Mines on Jul 31, 2015
Latest reply on Aug 26, 2015 by downinej

The release of the recent, non-public version of Java 6 (update 101) appears to have broken most of the previous Java QIDs.

Hosts that were previously showing as clean are now suddenly racking up over 20 Java-related QIDs when this latest version is installed.

These QIDs look (reasonably enough) at the Java version, and my theory is that they're only looking at 2 digits in the minor version. That would have worked fine up to now, but when the latest version pushed into 3 digits Qualys is mistakenly seeing it as version 10, not 101.

The results field from an affected machine is "C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll product version is 6.0.101.14"

Affected QIDs include 123519, 123168, 122741, 122362, 122007, 121712, 121515, 121279 and many others...

We did log this over a week ago but are still waiting for this to be fixed, and in the meantime we've effectively lost visibility of Java defects. Anyone else with access to non-public Java releases seeing this?
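
The truncation theory in the post above, as an added Python example (not part of the original post and not Qualys's detection logic). The two-digit parser and the 6.0.45 threshold are hypothetical, constructed to show how 6.0.101.14 would be read as update 10 and flagged, while a numeric field-by-field comparison does not flag it.

```python
import re

# Results line quoted in the post above.
RESULT = (r"C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll "
          "product version is 6.0.101.14")

# Constructed threshold for illustration: a check that fires below 6.0.45.
FIXED_IN = (6, 0, 45, 0)

_VERSION_RE = re.compile(r"product version is (\d+(?:\.\d+){1,3})\s*$")


def _fields(result_line):
    """Extract the dotted version fields as strings."""
    m = _VERSION_RE.search(result_line)
    if m is None:
        raise ValueError("no product version in result line")
    return m.group(1).split(".")


def parse_version(result_line):
    """Correct parser: every field is a full integer, padded to 4 fields."""
    parts = [int(p) for p in _fields(result_line)]
    return tuple(parts + [0] * (4 - len(parts)))


def parse_version_two_digit(result_line):
    """Hypothetical faulty parser: keeps only two digits of each field."""
    parts = [int(p[:2]) for p in _fields(result_line)]
    return tuple(parts + [0] * (4 - len(parts)))


def is_flagged(version, fixed_in=FIXED_IN):
    """A host is flagged when its version sorts below the fixed version."""
    return version < fixed_in


def compare_parsers(result_line):
    """Return (flagged_by_faulty_parser, flagged_by_numeric_parser)."""
    return (is_flagged(parse_version_two_digit(result_line)),
            is_flagged(parse_version(result_line)))


if __name__ == "__main__":
    print(parse_version_two_digit(RESULT), parse_version(RESULT))
    print(compare_parsers(RESULT))
```

Tuple comparison in Python is numeric per field, so update 101 sorts above update 45; comparing the version as a string or a fixed-width field is what produces the false positives described.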
