Java 1.4.2 Security Vulnerabilities

Hello,
I'm looking for a link that lists the security vulnerabilities of Java 1.4.2 and I am having trouble finding a comprehensive list. Our security officer doesn't want us using 1.4.2 because of security vulnerabilities and I want to confirm what they are. But, I have not seen any report of what these issues are. This relates specifically to our Java version in relation to our Discoverer Plus use. Does anyone have a link of known Java 1.4 security issues?
Thanks!

Check this
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

Similar Messages

  • Oracle XDK Java removing security vulnerabilities

    Hi All,
    I am looking to remove security vulnerabilities that may be associated with XML parsers.
    I would like to know which version of Oracle XDK Java has removed the security vulnerabilities associated with XML parsing.
    Also, what is the latest version of Oracle XDK Java on the market?
    Also, are new versions backward compatible? Do we need to check whether any API-level changes occur?
    Currently we are using Oracle XDK Java 10.2.0.2.
    A description of the security vulnerabilities that may be associated with XML parsers:
    "The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content."
    Regards
    Atul Parti

    Which JVM is the security tool complaining about (what is the directory path, for example)?
    My guess is that the tool is complaining about the older JVM that Oracle installs in order to run the Oracle Universal Installer and the other Java-based installation tools.  If that's the case, those JVMs do not generally represent a security issue because they are not running anything on a day-to-day basis.  They're only used by things like the OUI which only get invoked when someone wants to do something like install new software.  Ideally, you'd be able to have the conversation with the security folks and explain that those older JVMs exist only for the limited purpose of running the OUI and the other configuration tools. 
    If the security folks want you to upgrade the Java version (as opposed to just installing patches to the older JVMs), that has a decent probability of breaking the various installation and configuration tools.  That may not have much impact on a day-to-day basis but may make administration tasks in the future more challenging. 
    Justin

  • Kerberos Pre-Authentication - Security Vulnerabilities

    I have an issue with some Java applets locking out AD accounts, or prompting for a password.
    The solutions I have, which work, are to check "Do not require Kerberos preauthentication" in the user account in Active Directory Users and Computers, or to create a registry DWORD value called allowtgtsessionkey with a value of 1.
    This key is located in
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters.
    Can you advise whether enabling this option or creating the reg key opens any security vulnerabilities?  I have read on another forum that creating the key on a PC where a user has local admin rights will be an issue, but it was very vague.
    Many thanks
    Larry

    Hi,
    If the issue persists, please:
    Find out from which machine/device bad password attempts are generated.
    Locate any services/scheduled tasks/disconnected remote desktop connections/scripts/mapped drives which could be storing credentials, then clear stored credentials.
    More information for you:
    Troubleshooting Account Lockout
    https://technet.microsoft.com/en-us/library/cc773155%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    Account getting locked out
    https://social.technet.microsoft.com/Forums/en-US/92454597-b414-4840-82fd-16dd92a1706d/account-getting-locked-out
    Account Locked - Event 4771 Failure Code 0x18
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/6187d7e2-d38a-4ecd-bf80-12ce3589c8e1/account-locked-event-4771-failure-code-0x18?forum=winserversecurity
    Error for Active Directory
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/4923356c-1820-4626-83f2-8a57a7c48ccc/error-for-active-directory?forum=winserverDS
    Best Regards,
    Amy

  • Java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketImpl

    Hi, can anyone please help us to come out of this:
    java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketImpl
    at oracle.security.ssl.OracleSSLCipherSuite.isSSLLibDomestic(Unknown Source)
    at oracle.security.ssl.OracleSSLCipherSuite.getSupportedCipherSuites(Unknown Source)
    at oracle.security.ssl.OracleSSLSocketFactoryImpl.getSupportedCipherSuites(Unknown Source)
    at HTTPClient.OracleSSL.getSSLDefaultCipherSuites(OracleSSL.java:108)
    at HTTPClient.OracleSSL.initHttps(OracleSSL.java:91)
    at HTTPClient.OracleSSL.<init>(OracleSSL.java:77)
    at HTTPClient.HTTPClientSSLFactory.mk(HTTPClientSSLFactory.java:137)
    at HTTPClient.HTTPConnection.getSSL(HTTPConnection.java:4174)
    at HTTPClient.HTTPConnection.getSSLSocket(HTTPConnection.java:4220)
    at HTTPClient.HTTPConnection.doConnect(HTTPConnection.java:4038)
    at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3003)
    at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
    at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
    at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1107)
    at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1072)
    at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1049)
    at com.eds.bluesphere.util.V01.HTTPQueryStringRequestDispatcher.invokePost(Unknown Source)
    at com.eds.bluesphere.util.V01.HTTPRequestor.obtainReponse(Unknown Source)
    at com.eds.bluesphere.util.V01.HTTPRequestor.submit(Unknown Source)
    at com.newcorp.mailinglabel.response.USPSResponseProcessor.generateResponseXml(USPSResponseProcessor.java:111)
    at com.newcorp.mailinglabel.response.USPSResponseProcessor.processResponse(USPSResponseProcessor.java:62)
    at com.newcorp.mailinglabel.response.ResponseProcessor.execute(ResponseProcessor.java:89)
    at com.newcorp.mailinglabel.MailingLabelAPI.generateLabel(MailingLabelAPI.java:177)
    at com.newcorp.consumerportal.dataaccess.claim.ClaimMailingLabel.generateUSPSLabel(ClaimMailingLabel.java:74)
    at com.newcorp.consumerportal.process.claim.ClaimConfirmProcess.generateLabel(ClaimConfirmProcess.java:67)
    at com.newcorp.consumerportal.process.claim.ClaimConfirmProcess.executeDoProcess(ClaimConfirmProcess.java:157)
    at com.newcorp.common.PortalProcess.doProcess(PortalProcess.java:201)
    at com.eds.bluesphere.framework.process.V01.ApplicationFrameworkNavigationProcess.invokeDoProcess(Unknown Source)
    at com.newcorp.common.PortalProcessChainingProcess.doProcess(PortalProcessChainingProcess.java:146)
    at com.eds.bluesphere.framework.process.runner.V01.HttpServletProcessRunner.invokeDoProcess(Unknown Source)
    at com.eds.bluesphere.framework.process.runner.V01.HttpServletProcessRunner.execute(Unknown Source)
    at com.eds.bluesphere.framework.process.runner.V01.HttpServletProcessRunner.doPost(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at com.eds.bluesphere.framework.process.runner.V01.HttpServletProcessRunner.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
    at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:649)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:322)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:790)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.0)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
    at java.lang.Thread.run(Thread.java:534)
    thanks in advance..sha

    java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketImpl
    at oracle.security.ssl.OracleSSLCipherSuite.isSSLLibDomestic(Unknown Source)
    at oracle.security.ssl.OracleSSLCipherSuite.getSupportedCipherSuites(Unknown Source)
    at oracle.security.ssl.OracleSSLSocketFactoryImpl.getSupportedCipherSuites(Unknown Source)
    Some Oracle SSL related classes seem to be there as we see in the trace.
    Those classes seem to deal with general management.
    However, OracleSSLSocketImpl cannot be found, which makes me guess that you have
    some kind of non-SSL enabled version (trial perhaps?) of the Oracle software. Can it be the case?
    Or that you need to place another Oracle supplied jar in your classpath to get SSL to work?
    Edited by: baftos on Sep 26, 2008 11:43 AM

  • Error "java.lang.NoClassDefFoundError: sun/security/provider/Sun" in 10.1.2

    Hi,
    I developed an ADF UIX application in JDeveloper 10.1.2. It works fine when I run on embedded oc4j in my machine.
    I deployed it to Oracle Application Server 10g in AIX. When I run the application from the Application Server and try to open a uix page with data I get the following error:
    500 Internal Server Error
    java.lang.NoClassDefFoundError: sun/security/provider/Sun
    at oracle.jbo.common.ampool.PoolMgr.createPool(PoolMgr.java:280)
    at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:482)
    at oracle.jbo.common.ampool.ContextPoolManager.findPool(ContextPoolManager.java:165)
    at oracle.adf.model.bc4j.DataControlFactoryImpl.findOrCreateSessionCookie(DataControlFactoryImpl.java(Compiled Code))
    at oracle.adf.model.bc4j.DataControlFactoryImpl.createSession(DataControlFactoryImpl.java(Compiled Code))
    at oracle.adf.model.binding.DCDataControlReference.getDataControl(DCDataControlReference.java(Compiled Code))
    at oracle.adf.model.BindingContext.get(BindingContext.java(Compiled Code))
    at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:228)
    at oracle.adf.model.binding.DCUtil.findContextObject(DCUtil.java:308)
    at oracle.adf.model.binding.DCIteratorBinding.<init>(DCIteratorBinding.java:127)
    at oracle.jbo.uicli.binding.JUIteratorBinding.<init>(JUIteratorBinding.java:59)
    at oracle.jbo.uicli.binding.JUIteratorDef.createIterBinding(JUIteratorDef.java:58)
    at oracle.jbo.uicli.binding.JUIteratorDef.createIterBinding(JUIteratorDef.java:47)
    at oracle.adf.model.binding.DCBindingContainerDef.createIterBindings(DCBindingContainerDef.java(Compiled Code))
    at oracle.adf.model.binding.DCBindingContainerDef.createBindingContainer(DCBindingContainerDef.java(Compiled Code))
    at oracle.adf.model.binding.DCBindingContainerReference.getBindingContainer(DCBindingContainerReference.java(Inlined Compiled Code))
    at oracle.adf.model.BindingContext.get(BindingContext.java(Compiled Code))
    at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:228)
    at oracle.adf.model.binding.DCUtil.findContextObject(DCUtil.java:308)
    at oracle.adf.model.binding.DCUtil.findBindingContainer(DCUtil.java:536)
    at oracle.adf.controller.lifecycle.LifecycleContext.initialize(LifecycleContext.java:121)
    at oracle.adf.controller.lifecycle.LifecycleContext.initialize(LifecycleContext.java:77)
    at oracle.adf.controller.struts.actions.DataActionContext.initialize(DataActionContext.java:51)
    at oracle.adf.controller.struts.actions.DataAction.execute(DataAction.java:150)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
    at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java(Compiled Code))
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.AJPRequestHandler.run(AJPRequestHandler.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.AJPRequestHandler.run(AJPRequestHandler.java(Compiled Code))
    at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java(Compiled Code))
    at java.lang.Thread.run(Thread.java:568)
    Can anybody tell/help why I am getting this error?
    Thanks
    Syed

    I believe this counts as a bug in ADF. I met with such errors as well in migrating 1012 from NT to the AIX platform, and after decompiling the ADF jar code and taking a look at it, the following code block indicates that in class oracle.jbo.client.Configuration it is hard-coded to get the secure provider sun/security/provider/Sun, as listed below...
    import java.security.Provider;
    import java.security.Security;
    import sun.security.provider.Sun;

    static void checkSecurityProviders()
    {
        Provider aprovider[] = Security.getProviders();
        boolean flag = false;
        // Look for an already registered provider named "SUN"
        for(int i = 0; i < aprovider.length; i++)
        {
            if(!aprovider[i].getName().equals("SUN"))
                continue;
            flag = true;
            break;
        }
        if(!flag)
            try
            {
                // Direct reference to the Sun-specific class (the hard-coded dependency)
                Sun sun = new Sun();
                Security.addProvider(sun);
            }
            catch(Exception exception)
            {
                exception.printStackTrace();
            }
    }
    Adam
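
The provider check in the reply above can be written without a compile-time reference to `sun.security.provider.Sun`, so that a JVM that does not ship that class does not fail with `NoClassDefFoundError`. This is an added example, not Oracle's ADF code or code from the thread; the class name `ProviderCheck` and its method names are hypothetical, and it assumes Java 7 or later.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class ProviderCheck {

    // Class name taken from the stack trace above; resolved only at run time.
    private static final String SUN_PROVIDER_CLASS = "sun.security.provider.Sun";

    /** True if a provider is already registered under this name. */
    static boolean isRegistered(String providerName) {
        return Security.getProvider(providerName) != null;
    }

    /**
     * Registers the SUN provider if the running JVM ships it and allows access.
     * Returns false, instead of failing the caller, when the class is absent
     * or cannot be instantiated.
     */
    static boolean tryRegisterSunProvider() {
        if (isRegistered("SUN")) {
            return true;
        }
        try {
            // Reflection keeps this class loadable on JVMs without the Sun class.
            Class<?> cls = Class.forName(SUN_PROVIDER_CLASS);
            Provider provider = (Provider) cls.getDeclaredConstructor().newInstance();
            Security.addProvider(provider);
            return true;
        } catch (ReflectiveOperationException | LinkageError | SecurityException e) {
            // Covers ClassNotFoundException, NoClassDefFoundError, IllegalAccessException.
            return false;
        }
    }

    /**
     * Name of the provider the JVM selects for a digest algorithm,
     * or null if no registered provider offers it. Asking by algorithm
     * rather than by provider name is the portable lookup.
     */
    static String providerFor(String digestAlgorithm) {
        try {
            return MessageDigest.getInstance(digestAlgorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            System.out.println("registered: " + p.getName() + " (" + p.getInfo() + ")");
        }
        System.out.println("SUN available: " + tryRegisterSunProvider());
        System.out.println("SHA-1 served by: " + providerFor("SHA-1"));
    }
}
```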

  • Oracle Security Vulnerabilities?

    Hi all,
    We're running many PHP 5.x applications in a distributed environment that use the OCI client to access Oracle 10g databases.
    Our server administration group is migrating to a new server and is refusing to install or support the OCI Instant client under Linux saying it's a security problem. Specifically, they say that the OCI Instant Client is exposed to buffer overflows and stack smashing. Their recommendation? Rewrite all our apps to use another database. Yeah, right.
    They provided me with two sources to explain the issues:
    http://www.dummies.com/WileyCDA/DummiesArticle/id-2900.html
    and
    Re: Problems with libclntsh.so.10.1 and PHP/Apache HTTPD
    Is this really a security problem? If so, what can be done to mitigate the risk?
    Thanks,
    John

    Hi all,
    I thought I’d jump in this thread with a few thoughts.
    Security flaws unfortunately affect software, both commercial and open source. I believe that what sets Oracle apart from many other vendors is the company’s commitment to security. Oracle Software Security Assurance (http://www.oracle.com/security/software-security-assurance.html) includes the most transparent vulnerability remediation policy in the industry. Furthermore, the Critical Patch Update (CPU) process (http://www.oracle.com/technology/deploy/security/alerts.htm) provides a predictable mechanism for the remediation of security vulnerabilities in Oracle software. By comparison, open source involves unpredictable releases of security fixes.
    Now, getting back to the discussion in this thread: as much as we try to prevent vulnerabilities during development, as is the case with all large software products, some make their way into released code. As vulnerabilities are discovered, Oracle fixes them in order of severity and releases fixes for them through the Critical Patch Update.
    An attacker could attempt to exploit the unpatched vulnerabilities through OCI or other protocols providing access to the database (this is not specific to OCI). Oracle’s recommendation is therefore to remain current on the Critical Patch Update (the last one was issued on July 17, 2007). Keep in mind that the CPU is cumulative for the database, and applying the most recent CPU will bring you to the current security patch level, and this will significantly contribute to improving your organization’s security posture.
    Do not hesitate to contact me if you have questions at [email protected]
    Sincerely
    Eric Maurice
    Manager – Oracle Software Security Assurance

  • OSX Security Vulnerabilities - 20 found according to this article

    Via Gizmodo, here is an article about a guy finding 20 zero-day security holes in OSX. Zero-day threats refer to security vulnerabilities which do not yet have a fix. At present, Macs are highly resistant but not immune to viruses, but this article does raise a few red flags. Thoughts?
    Article: http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html

    I've reposted this message in the "Using Mac OS X 10.6 Snow Leopard" forum. I posted here out of habit. I could not see how to delete the message, so please refer to this thread instead:
    http://discussions.apple.com/thread.jspa?threadID=2371811&tstart=0

  • OSX Security Vulnerabilities - 20 found according to article

    Via Gizmodo, here is an article about a guy finding 20 zero-day security holes in OSX. Zero-day threats refer to security vulnerabilities which do not yet have a fix. At present, Macs are highly resistant but not immune to viruses, but this article does raise a few red flags. Thoughts?
    Article: http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html

    Usually these "security bulletin" type postings are completely bogus. The guy is trying to make a living finding exploits. So, he finds 20 in Mac OS X, and then goes to the media so he can make a name for himself. Most people will say "Wow, 20 exploits! That is a lot, maybe we should be worried. Maybe OS X is not as secure as we think it is."
    But, what is totally missing here that is completely necessary to make a conclusion like that is any semblance of detail. The comments on Giz nailed it already. Are these "exploits" in the core OS, or are they in Flash? Etc. Most importantly, are these "holes" able to be exploited remotely? If I had to guess I would have to say most are not remotely exploitable. So, if this is true, are they really something to worry about? Absolutely not.
    So, the guy holds back the details so that he can get some interest from some company that makes security software. Pay him a nice royalty to provide that information. Or maybe, he's fishing for Apple to hire him so that they can patch those holes. Either way, I'm not sure I can take him seriously.
    And honestly:
    "Macs are highly resistant but not immune to viruses"
    This statement is false and reads like a journalist trying to cover their bases when they really don't know what they're talking about. OS X is currently immune from viruses by the definition of the word. Of course, there are a couple "trojans" around, but those require you to type in your admin password and install yourself. So, they aren't really a threat at all, at least compared to what we see on Windows.
    --Travis

  • Are Security Vulnerabilities fixed by applying Oracle Server Patchsets

    Hi,
    I would like to know whether by applying Oracle Server Patchsets or by upgrading the Oracle Server from one version to another do we overcome the Security Vulnerabilities highlighted in the previous patchset or Oracle Server Version.
    For example, if I have an Oracle Server 9.2.0.1 and I apply server patchset 9.2.0.8, do I overcome all the security vulnerabilities highlighted for version 9.2.0.1 and all other intervening versions? Similarly, if I upgrade my Oracle Server 9.2.0.6 to, say, Oracle Server 10g 10.2.0.3, do I overcome all security vulnerabilities highlighted for 9.2.0.6 and all other intervening releases?
    Best Regards
    Syed Zaib ul Qamar

    Is there a link; or where can I go to find the types of and/or categories for the security vulnerabilities associated with (past and present) versions of Oracle? I work with a very large team of developers and some are DBAs that perform mainly custom coding in C++ and a little in Ada. I would like to ensure that our team is continually aware of the both past and current Oracle vulnerabilities when developing applications/scripts (designing, coding, reviewing, building, etc.), testing (including security) , quality assurance, packaging, and etc.
    Perhaps this is a lot to ask, but this is at least a good place to start.

  • Exception in thread "main" java.lang.NoClassDefFoundError: weblogic/securit

    Exception in thread "main" java.lang.NoClassDefFoundError: weblogic/security/subject/AbstractSubject
    hi i am trying to run ejb2 stateless session bean program but i am unable to solve the exception
    can anybody please help me to solve this problem..
    thanks in advance..
    Edited by: 959687 on Sep 17, 2012 10:17 PM

    E:\Oracle\Middleware\jdk160_35\bin>java weblogic.WLST E:\Oracle\Middleware\Oracl
    e_SOA\bin\soa-createUDD.py --domain_home E:/Oracle/Middleware/user_projects/doma
    ins/EPMSystem --soacluster soacluster
    Exception in thread "main" java.lang.NoClassDefFoundError: weblogic/WLST
    Caused by: java.lang.ClassNotFoundException: weblogic.WLST
            at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
            at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
    Could not find the main class: weblogic.WLST.  Program will exit.

  • JDev11g : How to add java servlet under ADF security policies

    I'm trying to set the same login on an HTTP servlet (I created it through the wizard in jDev) as there is for the other .jspx pages.
    I configured the jazn-data.xml and login (user roles, realms) is working fine.
    But I can't configure the HTTP servlet to be under this authorization.
    This problem occurred when I was migrating from jDev 11g TP4 to production and also from OC4J to WebLogic,
    but if I create a new HTTP servlet I am also unable to put it under JAZN authorization.
    Thank you in advance for your help, Rok Kogovšek

    I reproduced problem on new test application, it was working fine until I set up ADF Security by wizard.
    I chose ADF Authentication and Authorization, then HTTP Basic Authentication (on the real project it is form-based, but this probably doesn't matter),
    then for Identity store I chose Application XML, no automatic grants and without redirect.
    I also set this inside web.xml (to put the servlet under the same login as the other pages).
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>testServlet</web-resource-name>
        <url-pattern>/test</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    When I finished this I got the same error as on the first project.
    Here is whole error:
    oracle.jbo.common.ampool.ApplicationPoolException: JBO-30003: The application pool (oracle.fod.mobile.testModuleLocal) failed to checkout an application module due to the following exception:
    at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2262)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:3086)
    at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
    at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
    at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
    at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1395)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1363)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1335)
    at oracle.fod.mobile.testServlet.doGet(testServlet.java:22)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: oracle.adf.share.security.ADFSecurityAuthenticationException: JAAS login error.
    Invalid null input: name
    at oracle.adf.share.security.authentication.JAASAuthenticationService.doLogin(JAASAuthenticationService.java:120)
    at oracle.adf.share.security.authentication.JAASAuthenticationService.login(JAASAuthenticationService.java:89)
    at oracle.adf.share.security.authentication.JAASAuthenticationService.login(JAASAuthenticationService.java:71)
    at oracle.jbo.common.UserAznUtil.authenticate(UserAznUtil.java:62)
    at oracle.jbo.common.UserAznUtil.authenticateUser(UserAznUtil.java:29)
    at oracle.jbo.server.ApplicationModuleImpl.prepareSession(ApplicationModuleImpl.java:6387)
    at oracle.jbo.server.ApplicationModuleImpl.prepareSession(ApplicationModuleImpl.java:6356)
    at oracle.jbo.server.ApplicationPoolMessageHandler.doPoolMessage(ApplicationPoolMessageHandler.java:171)
    at oracle.jbo.server.ApplicationModuleImpl.doPoolMessage(ApplicationModuleImpl.java:8377)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.sendPoolMessage(ApplicationPoolImpl.java:4364)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2421)
    at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2207)
    ... 25 more
    Caused by: javax.security.auth.login.LoginException: Invalid null input: name
    at javax.security.auth.login.LoginContext.init(LoginContext.java:229)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
    at oracle.adf.share.security.authentication.JAASAuthenticationService.doLogin(JAASAuthenticationService.java:102)
    ... 36 more
    And here is the sample application on which I reproduced this error: http://www.k-invent.si/doc/testServlet.zip
    Thank you for your help, Rok Kogovšek

  • Nearly 200 security vulnerabilities. iPad 1 ...

    ...  doesn't get an update. Can't be used for web surfing anymore. This is unreal. Any news on fixing the security holes? I.e. iOS 5.1.2?
    Or at least release a free boot loader so a fixable OS can be installed, like Android. I can't believe to have paid 600 bucks and can throw that away now, just after 2 years.
    As soon as my MBA late 2010 or my wife's MacBook Pro die, we'll substitute with generic Ultrabooks/Ultrathins. I'm not at all satisfied with Apple anymore.

    Ups, just forgotten to add the "proof" that there is a real security threat without an update: Apple lists around 200 security vulnerabilities in iOS5, which are fixed within iOS6.
    http://support.apple.com/kb/HT5503
    So if you're doing some product search and buy online with the iPad 1, the risk that you get hacked and robbed rises every hour without update. Thus the iPad 1 can't be used for web surfing anymore - the only thing I bought it for. And I was wrong, I even paid 700 bucks for it (3G, 32GB). That was stupid. Intelligence dictates not to repeat such a horrible mistake again.

  • Security Vulnerabilities on CPUCMS

    Hi All
    Could someone assist me please?
    We are running a demo version of CPUCMS at a customer and the System administrator has advised that there are
    security vulnerabilities on the server that runs CPUCMS and he would like to do the following:
    1) Locate file C:\PROGRA~1\CSCOpx\MDC\Apache\conf\httpd.conf
    Remove:
    SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:!LOW:RC4+RSA:+HIGH:+MEDIUM:!SSLv2:!EXP:!eNULL
    Add:
    SSLHonorCipherOrder On
    SSLCipherSuite RC4-SHA:HIGH:!ADH
    2) Disable remote services rexec, rlogin and rsh
    Please advise if anyone has done this and also the impact it might cause on the application?
    Many thanks
    Shabeer


  • Security Vulnerabilities

    Hi List,
    Similar to Bug Toolkit, does Cisco have a tool which can provide a list of security vulnerabilities based on the IOS version you specify?
    Bug Toolkit gives the list of all bugs, most of them are related to the functionality rather than Security. Filtering Security bugs is a difficult task.
    Cisco publishes security advisories, which gives the list of affected IOS versions.
    But, my requirement is to get the list of vulnerabilities after provision of IOS version.
    Was just wondering what is the best way to achieve this.
    Thanks,

    Cisco has a security advisory site. There is also a product alert tool here. I believe this is what you are looking for.
    http://www.cisco.com/en/US/products/products_security_advisories_listing.html
    Hope this helps.
    Steve

  • Security vulnerabilities in apache that comes with oracle database.

    Hi,
    We are having a QA database in Oracle enterprise version 9.2.0.4 on OS : OSF1.
    Recently our security team ran a test and found that the apache1.3 that comes as a component of Oracle database is prone to security vulnerabilities. They also suggested removing the apache or upgrading to the latest as a remedy.
    When we contacted Oracle support, the Oracle team replied that an apache upgrade should not be done; instead, the latest apache can be installed separately as a reverse proxy. But when asked for steps/documents there was no reply. Can anyone who has faced this problem provide any help/suggestions in this regard?
    I am attaching some of the threads identified by our Security Team for reference.
    1. Apache 1.3 HTTP Server Expect Header Cross-Site Scripting XXXX and YYYYYY ports 7782, 4889, 3339.
    2. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
    3. Keep-Alive: timeout=15, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>417 Expectation Failed</TITLE>
    </HEAD><BODY>
    <H1>Expectation Failed</H1>
    The expectation given in the Expect request-header
    field could not be met by this server.<P>
    The client sent<PRE>
    Expect: <script>alert(document.domain)</script>
    </PRE>
    but we only allow the 100-continue expectation.
    -CR

    I don't know how to find which components are using the apache. Help me if there is any way to find it. The only information I can give you is that there is no other software installed on that server other than Oracle Database.
