HT5678 Carnegie-Mellon/DHS Vulnerability Note VU#858729 "Java contains multiple vulnerabilitie"

does this update address/resolve the Carnegie-Mellon/DHS Vulnerability Note VU#858729 "Java contains multiple vulnerabilities" http://www.kb.cert.org/vuls/id/858729 ?

Do you believe this update has the necessary changes to make it safe to re-enable our Java?
Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
Java is not included in OS X 10.7 and later. A discrete Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, if at all, only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

Similar Messages

  • Carnegie Mellon University looking for mobile developers opinion

    We are conducting a survey of mobile application developers aimed at improving our understanding of mobile application development, focused on developer practices for building mobile applications. This is a research project, sponsored by the CyLab Mobility Research Center of Carnegie Mellon University. Survey results will be made public and will be available at http://mobileplatforms.wikidot.com in early 2010.
    The survey is open to anyone who is involved in the design and development of mobile applications, and should take 10-15 minutes to complete. There you will first be asked to give your consent to participating in the survey. If you have questions about the survey, please send an email message to [email protected]
    If you would like to participate in the survey, please click to go to:
    http://2010MobileDeveloperSurvey.questionpro.com
    Thank you very much for your participation.
    All responses will remain confidential and secure. Thank you in advance for your valuable feedback. Your input will be used to ensure that we continue to meet your needs. We appreciate your trust and look forward to serving you in the future.
    NOTE: Feel free to circulate this message amongst your colleagues and/or post it on your blog.

    Done! I built a restaurant recommendation application for the Apple iPhone. Unfortunately it wasn't approved by Apple due to their rather confounding approvals procedure. Hopefully your survey will lead to a better understanding of application development and deployment on mobile platforms. Several iPhone game developers that I know have also had trouble getting apps approved in the past.

  • Carnegie Mellon University looking for Mobile Flash developers opinion

    Hi folks, thanks for your interest.
    We are doing a research project on the mobile ecosystem
    in the Mobility Research Center at Carnegie Mellon Silicon
    Valley.
    Our main goal in our current study is to understand the
    decision-
    making process followed by mobile applications
    developers/start-ups.
    To start immediately the survey follow
    THIS
    LINK
    Below a short description of our project:
    We are particularly interested in how mobile apps developer
    decide
    upon platform(s), device (s), carrier(s), and market, as well
    as the relative importance of
    technology and business factors.
    Our research process includes a formal survey, a series of
    interviews, and a public wiki.
    In the fast moving mobile world Flash Lite is a news full of
    promise: your experience should be taken into account in our
    research.
    So we would like you to complete our SURVEY at
    this link
    http://www.questionpro.com/akira/TakeSurvey?id=1108623
    We think that it will take about 10-15 minutes to complete
    the survey
    and will close by the beginning of February.
    You can WIN A PRIZE and RECEIVE A FREE SUMMARY REPORT of our
    activity.
    We want to follow up with some people in more detail. If you
    would
    have about 30 minutes for an informal interview, please let
    us know.
    We've just started a wiki on this topic and encourage you
    to visit, contribute, and let others know about it.
    It's at
    http://mobiledevelopers.pbwiki.com/
    We are looking forward do receive feedback from you!
    Thanks for your help, and best wishes for 2009.
    PLEASE PASS THIS MESSAGE TO YOUR COLLEAGUES AND TO POST IT ON
    YOUR BLOG!
    Text

    Done! I built a restaurant recommendation application for the Apple iPhone. Unfortunately it wasn't approved by Apple due to their rather confounding approvals procedure. Hopefully your survey will lead to a better understanding of application development and deployment on mobile platforms. Several iPhone game developers that I know have also had trouble getting apps approved in the past.

  • Vulnerability Note VU#887861

    Hi Everyone, Especially JDeveloper Team Experts,
    I have an urgent question to ask.
    My situation is that my ADF UIX application developed using JDeveloper become not usuable when users disable the scripting capabilities in their web browser such as Internet Explorer according to the recommendations in the Vulnerability Note VU#887861?
    SO WHAT SHOULD I DO?????????!!!!!!!!!! Please help!!!
    Here is the background information:
    As you may be aware, a serious security vulnerability was
    recently discovered in the script processing system in
    Internet Explorer. The U.S. Computer Emergency Response
    Team is recommending that until Microsoft issues a patch
    for this, users should disable the scripting capabilities
    of their browser. More information can be found here:
    http://www.kb.cert.org/vuls/id/887861
    Qian Dong

    Hi,
    I'm sure an application developed with ADF UIX would not be the only web site users would no longer be able to use effectively if they disabled scripting. Since the vulnerability is in Internet Explorer, perhaps you should encourage your users to use a browser which does not have this security vulnerability (e.g. Firefox). Microsoft have an advisory page about this vulnerability here:
    http://www.microsoft.com/technet/security/advisory/911302.mspx
    It's likely this page will be updated when a windows update is available for IE.
    Brian

  • I have tried a lot to find an app or some way in email to attach multiple of pdf files in one email. I could not find anything that sends multiple pdf file in one email and still keeping the file in simple pdf format for the recipient.

    I have tried a lot to find an app or some way in email to attach multiple of pdf files in one email. I could not find anything that sends multiple pdf file in one email and still keeping the file in simple pdf format for the recipient.

    I am not aware of a way except for photos that allows you to select multiple files in an email. I even checked settings in the Adobe Reader app, and it does not show that ability.

  • Applets not working with Java 1.7.0_51 in MII 14.0 SP4 Patch 5

    Hi,
    I'm currently evaluating the migration of our MII 12.0 developments to MII 14.
    But I'm running in several issues just trying to use simple things like a SQL query template with an iGrid Display template in test mode.
    Used versions are: MII 14.0 SP4 Patch 5 and on client side the latest Mozilla Firefox with Java 1.7.0_51
    At first I always get a java security warning when the applet is being loaded about unsigned applications.
    At second the applet itself is not running. It always shows "No data available" and the java console shows the following errors (iResult is the id of the applet):
    iResult [ERROR] - Couldn't set query template: No Query Defined
    iResult [ERROR] - Couldn't set display template: null
    iResult [ERROR] - Couldn't set display template: null
    Is this perhaps a general problem, that the MII applets are not working with Java 1.7.x versions?
    If I call the same MII page from a client with Java 1.6.x it is working without errors.
    Do you have some suggestions for me?
    Regards Timo

    please clear your JAVA Cache. that should solve the JRE issue. thanks

  • UIXJSP App built off BC4J Project JBO Excep XML File not found for the Container

    Running JDEV 9.0.3 build 960
    Created a new project in folder "UIX JSP"
    "UIX JSP" note the space!
    Create a default UIX JSP Application based on existing BC4J Project
    When running a JSP - Get a JBO Error complaining that the XML File not found for the Container
    If I recreate the project with name UIX_JSP problem does not occur.

    I logged a bug on this.

  • XML File not found for the Container model.cpx

    I can run my application from JDeveloper without receiving the error. But when I deploy the application I get the following:
    500 Internal Server Error
    oracle.jbo.NoXMLFileException: JBO-26001: XML File not found for the Container model.cpx     at oracle.jbo.mom.DefinitionManager.loadProjectDefinition(DefinitionManager.java:751)     at oracle.jbo.uicli.mom.JUMetaObjectManager.createPool(JUMetaObjectManager.java:457)     at oracle.jbo.http.HttpContainer.findSessionCookie(HttpContainer.java:541)     at oracle.jbo.html.struts11.BC4JRequestProcessor.initPageFromPath(BC4JRequestProcessor.java:233)     at oracle.jbo.html.struts11.BC4JRequestProcessor.processMapping(BC4JRequestProcessor.java:123)     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:234)     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1292)     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)     at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:721)     at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:306)     at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:767)     at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:259)     at com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java:106)     at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:803)     at java.lang.Thread.run(Thread.java:479)
    Any Ideas?

    Hi,
    please explicitly "make" the project. One reason for this problem could be that the model.cpx isn't created properly. Select the model project and compile the complete project before deploying it. Sometimes it helps to clear the "class" directory of the project on teh file system before re-compiling
    Frank

  • "XML File not found for the Container DataBindings.cpx" error after deploy

    Hello,
    I have a problem with my JSP-Javaproject. Local works all fine but when i deploy my project to a Oracle Aplication Server i allway get this XML-File-Not-found exception:
    oracle.jbo.NoXMLFileException: JBO-26001: XML File not found for the Container DataBindings.cpx
    In my EAR-File the DataBindings.cpx is at:
    \WEB-INF\classes\
    My JSP-File:
    <jbo:ApplicationModule id="AippackageModule" definition="DataBindings.DataModule" releasemode="Stateful" />
    My web.xml:
    <context-param>
    <param-name>CpxFileName</param-name>
    <param-value>DataBindings</param-value>
    </context-param>
    My DataBindings.cpx:
    <?xml version='1.0' encoding='windows-1252' ?>
    <Application xmlns="http://xmlns.oracle.com/adfm/application" id="DataBindings"
    Package="" ClientType="Generic">
    <pageMap>
    </pageMap>
    <pageDefinitionUsages>
    <page id="eonerrorPageDef"
    path="de.avacon.ahb.system.tools.pageDefs.eonerrorPageDef"/>
    </pageDefinitionUsages>
    <dataControlUsages>
    <BC4JDataControl Configuration="AppModuleLocal"
    Package="model.data"
    xmlns="http://xmlns.oracle.com/adfm/datacontrol"
    id="DataModule">
    <Parameters/>
    </BC4JDataControl>
    </dataControlUsages>
    </Application>
    What can i do?
    Thanks, steve

    Adding the dependency in the ViewController fixed this for me.
    I'm using two AppModules in the controller and the second one wasn't being picked up.
    I was able to fix this by:
    Go to the Project Properties, select Dependencies, edit the Dependent Projects and Archives, find the model that's failing and add a tick in the Build Output box.
    The model should now be picked up in the ViewController's DataBindings.cpx source file, though I did have to restart JDev for this to be picked up.
    HTH
    Phil

  • XML File not Found for the Container BC4J.cpx

    Hi,
    Have following error when I start a BC4J-JSP/Struts application (with Embedded and standalone OC4J) :
    500 Internal Server Error
    oracle.jbo.NoXMLFileException: JBO-26001: XML File not found for the Container BC4J.cpx
         oracle.jbo.mom.ContainerDefImpl oracle.jbo.mom.DefinitionManager.loadProjectDefinition(java.lang.String)
              DefinitionManager.java:751
         oracle.jbo.mom.ContainerDefImpl oracle.jbo.mom.DefinitionManager.loadProjectDefinition()
              DefinitionManager.java:793
         void oracle.jbo.mom.DefinitionManager.initManager()
              DefinitionManager.java:137
         void oracle.jbo.uicli.mom.JUMetaObjectManager.<init>()
              JUMetaObjectManager.java:57
         oracle.jbo.uicli.mom.JUMetaObjectManager oracle.jbo.uicli.mom.JUMetaObjectManager.getJUMom()
              JUMetaObjectManager.java:131
         oracle.jbo.common.ampool.SessionCookie oracle.jbo.http.HttpContainer.findSessionCookie(javax.servlet.http.HttpSession, java.lang.String, java.lang.String, java.util.Properties)
              HttpContainer.java:541
         boolean oracle.jbo.html.struts11.BC4JRequestProcessor.initPageFromPath(oracle.jbo.html.struts11.BC4JActionMapping, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
              BC4JRequestProcessor.java:222
         org.apache.struts.action.ActionMapping oracle.jbo.html.struts11.BC4JRequestProcessor.processMapping(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String)
              BC4JRequestProcessor.java:124
         void org.apache.struts.action.RequestProcessor.process(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
              RequestProcessor.java:234
         void org.apache.struts.action.ActionServlet.process(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
              ActionServlet.java:1292
         void org.apache.struts.action.ActionServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
              ActionServlet.java:492
         void javax.servlet.http.HttpServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
              HttpServlet.java:740
         void javax.servlet.http.HttpServlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
              HttpServlet.java:853
         void com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
              ServletRequestDispatcher.java:721
         void com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(javax.servlet.ServletRequest, javax.servlet.http.HttpServletResponse)
              ServletRequestDispatcher.java:306
         boolean com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.ApplicationServerThread, com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.EvermindHttpServletRequest, com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.EvermindHttpServletResponse, java.io.InputStream, java.io.OutputStream, boolean)
              HttpRequestHandler.java:767
         void com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(java.lang.Thread)
              HttpRequestHandler.java:259
         void com.evermind[Oracle9iAS (9.0.3.0.0) Containers for J2EE].server.http.HttpRequestHandler.run()
              HttpRequestHandler.java:106
         void EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run()
              PooledExecutor.java:803
         void java.lang.Thread.run()
              Thread.java:484
    Then I make a Reload and it's ok.
    I have a Workspace with two Projects :
    BC4J.jpr for Businnes Components
    Web.jpr for JSP Struts
    In /classes I have the file Web.cpx, but no BC4J.cpx.
    From which does this name come ? Can I change this name ?
    Thanks
    Yves

    I found this on Metalink...
    JBO-26001: NoXMLFileException
    Cause: Could not open the named XML file for read.
    The following is from Note 137429.1. Hope this helps.
    Raja.
    JBO-26001: NoXMLFileException
    Cause: Could not open the named XML file for read.
    Action: 1. Make sure that the file is present. In particular, if the file is to be found in a zip/jar file, make sure that the Zip/JAR file is included in the CLASSPATH.
    2. This error is also reported if the name of the XML file does not match the object Name specified in the XML file. If the file system support case insensitive file names (e.g., Windows NT), make sure that the file name matches the object Name in the XML file in case-sensitive fashion.
    3. For a .JPX file, this error is reported if the JPX file is missing the JboProject XML tag. Check the JPX file to make sure that the valid tag is in there.
    4. One XML file may be extending another XML file (specified by the Extends element in this XML file). This error is reported if the base XML file is not found.
    5. When loading the XML file for a package (JboPackage tag), this error is reported if some unexpected error occurs while loading a containee.
    In all of the above cases, a more descriptive message may be printed on Diagnostic. If you are not seeing Diagnostic messages, you can run your application with Diagnostic turned on, as in "java -Djbo.debugoutput=console ...", to see Diagnostic messages.

  • HT1688 My iphone 5 won't charge and it's in perfect condition, I dont drop it and it's not cracked. I tried multiple chargers, none of them are damaged and my outlets work with other things so the problem is my phone. What's wrong with it and what should

    My iphone 5 won't charge and it's in perfect condition, I dont drop it and it's not cracked. I tried multiple chargers, none of them are damaged and my outlets work with other things so the problem is my phone. What's wrong with it and what should I do? Please help me I need my phone for work.

    Make sure there's nothing blocking a contact in the charging port of the phone.

  • Channel is not appearing in the container

    Hi,
    i have devloped a channel and also a container.
    The follwoing are the corresponding xml's.
    The proble is the channels that i defined as <SELECTED>
    are not appearing in the container, can any one let me know why??????
    arun
    Channel XML
    <Channel name="NewsLeftNav" provider="NewsLeftNavProvider" advanced="false" merge="fuse" lock="false">
    <Properties>
         <String name="refreshTime" value="60"/>     
    <String name="title" value="Left News Channel"/>
    <String name="description" value="News Information"/>
    </Properties>
    </Channel>
    ProviderXML
    <Provider name="NewsLeftNavProvider" class="com.naportal.NewsLeftNavProvider">
    <Properties>
    <String name="title" value="News Left Nav"/>
    <String name="refreshTime" value="0" advanced="true"/>
    <Boolean name="isEditable" value="false" advanced="true"/>
    <String name="editType" value="edit_subset" advanced="true"/>
    <String name="contentPage" value="naportal/newsdesc.jsp"/>
    </Properties>
    </Provider>
    Custom Provider
    <Provider name="NewsTableContainerProvider" class="com.naportal.NewsTableContainerProvider">
    <Properties>
    <String name="contentPage" value="GMtoptable.jsp"/>
    <Collection name="categories">
         <String value="NewsChannels"/>
    </Collection>
    <Collection name="NewsChannels">
         <String name="NewsLeftNav"/>
    </Collection>
    </Properties>
    </Provider>
    Container
    <Container name="NewsTableContainer" provider="NewsTableContainerProvider">
    <Properties>
    <String name="title" value="Front Table Container Channel"/>
    <String name="contentPage" value="GMtoptable.jsp"/>
    <Collection name="categories">
         <String value="NewsChannels"/>
    </Collection>
    <Collection name="NewsChannels">
         <String name="NewsLeftNav"/>
    </Collection>
    <Collection name="channelsRow" advanced="true">
         <String name="NewsLeftNav" value="3"/>
    </Collection>
    </Properties>
    <Available>
         <Reference value="NewsLeftNav"/>
    </Available>
    <Selected>
         <Reference value="NewsLeftNav"/>
    </Selected>
    <Channels>
    </Channels>
    </Container>

    Have you watched the desktop.debug logfile?
    On my installation, it's in the /var/opt/SUNWam/debug directory.
    It might give you some clues...

  • Could not initialize the Java Virtual Machine

    While trying to configure the turnkey product I encounter an error in starting the JBoss for Adobe LiveCycle ES v8.0 service. The JBossService.exe ends up showing in the task list - but the service shows its status as "starting" and an enty stating: "Could not initialize the Java Virtual Machine" is placed in the event log. I've seen a posting on this form that traced at least some of these symptoms to the account under which the service is configured to run - but I don't believe that solution applies in this case - I'm starting the service under the System Account which has all the permissions it needs to start the service.

    Thanks very much for the suggestion. Indeed, the problem turned out to be memory related - I was able to correct the issue by updating the registry keys "JVM Option Number 4" and "JVM Option Number 5" so specify lower values. For some reason the system didn't like the 1024 meg size that was set by default (our server has 2 gig of memory).

  • Fi Document is not generating in MIGO for multiple account assignment in PO

    Hi,
    I have have created  asset po DG set 111 quanity is 4, i have created 4 different assets and assign quanity 1 to each dg sets in account assignment. While doing GRN system is not generating FI document for this po. if  i am giving one quanity or single account assignment for as 4 then it is generating FI quantity.
    PLease help me out why system is not generating FI document for multiple accont assignment in MIGO.
    Thanks in advance
    KISHORE

    Hi
    There is no option if you are not on EhP4... Do MIRO and see if the FI doc is generated
    Only way is to do MIRO immediately after MIGO.. OR Schedule ERS (Evaluated Receipt Settlement) which runs every hour in the background so that MIRO is posted automatically based on MIGO document.... Basically, you have to do MIRO after MIGO.. Whether you do it manually or through ERS is a matter of choice
    Regards
    Ajay M

  • WDrawingSurfaceInfo not found in Java 1.4

    Hi,
    Code:
    WCanvasPeer wcp = (WCanvasPeer) c.getPeer();
    if (wcp == null)
    return 0;
    WDrawingSurfaceInfo wdsi =
    (WDrawingSurfaceInfo) wcp.getDrawingSurfaceInfo();
    This code is residing in a class(myWDrawingSurfaceInfo) which i have created & included in the package sun.awt.windows by using the command
    "package sun.awt.windows" in the first line of the program.
    If i use Java 1.3.1, then the code is compiling fine. But, when I use Java 1.4.1, I get the following error. "class WDrawingSurfaceInfo not found in class sun.awt.windows.myWDrawingSurfaceInfo"
    Can anyone please help me point as to what is happening here.
    Thanks in advance,
    Rudra

    Yeah, you shouldn't be using these classes.
    All the classes that are not in the java.* or javax.* packages are subject to change at Sun's will. So don't count on them being there.

Maybe you are looking for