{"id":3657,"date":"2013-02-21T11:45:51","date_gmt":"2013-02-21T16:45:51","guid":{"rendered":"https:\/\/pitss.org\/us\/?p=3657"},"modified":"2017-05-09T13:31:37","modified_gmt":"2017-05-09T17:31:37","slug":"pitss-java-news-alert-impact-of-latest-java-security-update-on-oracle-forms","status":"publish","type":"post","link":"https:\/\/pitss.org\/us\/2013\/02\/21\/pitss-java-news-alert-impact-of-latest-java-security-update-on-oracle-forms\/","title":{"rendered":"PITSS JAVA NEWS ALERT: Impact of Latest Java Security Update on Oracle Forms"},"content":{"rendered":"<div align=\"center\">\n<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"top\">\n<div>\n<p><strong>Critical\u00a0Java Security Update and Oracle Forms<\/strong><\/p>\n<\/div>\n<div>\n<p>On February 19th Oracle released another Critical Patch Update for Java SE and strongly recommends to apply these patches as soon as possible.<\/p>\n<div>\n<p>An exploit in the Java Runtime has been identified which allows attackers to remotely take control of a computer and run malicious code and software via the Java Runtime and Java Plugin for Internet\u00a0browsers. There are\u00a0<a href=\"http:\/\/r20.rs6.net\/tn.jsp?e=001h4Vy0lQO6rEtm1kEOWXunb7kDrxE5IOm-k1AHdHWkA27bKxRrEvfVpzCi0e5vldhBxaAO8fF5B6dS_w-D7nSiikPPTttZKUCJCPFTx-T7PdlOa7hG6su0Gfv7IidTt_4xsP9lfzmp-5zXXeh6tkqZ3iZstCjAQKx6EsxjvG9xO_ykn4xfM1CtGS-z8n8kfzeGTOa2HMH79g=\" target=\"_blank\" rel=\"noopener noreferrer\">58\u00a0known\u00a0vulnerabilities<\/a>\u00a0which attackers can use if customers are not running Java 7u15 (This later\u00a0version\u00a0addresses 47 of these vulnerabilities)\u00a0or higher.<\/p>\n<p>The key vulnerabilities attackers have exploited have been rated the\u00a0<a href=\"http:\/\/r20.rs6.net\/tn.jsp?e=001h4Vy0lQO6rEvnNY9wRypQq-E8YyYqexUidEnKQ590tC-7ZsfKBflwAyefNZGrxRVgZlxqVDX8PrmjlYQrVe1Zd21NASeCI5NQnbgDUc-HQ946d7wp0mNCv85hQ8W0tqdvF_MdxFbAByhqWpE4EUxbtNIJM_cSK0IauUVTpngrgcfENlkI6oPvw==\" target=\"_blank\" rel=\"noopener noreferrer\">maximum\u00a0score\u00a0of\u00a010<\/a>\u00a0using the Common Vulnerability Scoring System and put Forms customers at risk.<\/p>\n<p>The Department of Homeland Security has recommended that organizations who must use Java to run its applications to update to Java 7u11 or higher\u00a0with the\u00a0<a href=\"http:\/\/r20.rs6.net\/tn.jsp?e=001h4Vy0lQO6rGYa-lx7UhZ4uS6W2cLCf49I-FVPcUIXvEzF3Sn95M1455ub0hyIgiZnpeRsT2kBVeoa7_MTeyaKGpE8Eg1qNKsLjmdsjPW7xL70brZw2c7n05dbi1ufPlwoP9mpqX3-qo=\" target=\"_blank\" rel=\"noopener noreferrer\">recommended\u00a0release<\/a>\u00a0being 7u15+.<\/p>\n<p>In light of this significant security concern, here are answers to the four most frequently asked questions:<\/p>\n<p><strong>1.)\u00a0How does this affect my Forms environment?<\/strong><\/p>\n<p>Most Forms customers are at risk because the end-users run the Forms application in their Internet browser via a Java Plug-in. This is an issue because the only platforms\u00a0that are supported and certified by Oracle to run Forms applications on JRE 7 are\u00a0the Forms 11.1.2.1 and Forms 11.1.1.6 Releases. Running JRE\u00a07 with un-certified Oracle Forms server versions has been known to cause issues. Thus, it is recommended to upgrade the server architecture before updating their client desktops to use JRE 7.<\/p>\n<p><strong>2.) What are the supported Oracle Forms Releases for Java 7?<\/strong><\/p>\n<p>When choosing to upgrade to Java 7, it is important to verify the WebLogic and Oracle Forms versions, as not all forms versions are supported to use Java 7. The Oracle WebLogic Server<\/p>\n<div>\n<div>\n<p><strong>MUST<\/strong>\u00a0be 10.3.6\u00a0(the latest version as of February 20, 2013),\u00a0and the\u00a0<strong>ONLY<\/strong>\u00a0Oracle Forms versions supported to use Java 7 are:<\/p>\n<\/div>\n<\/div>\n<p>&#8211; 11gR1 (Oracle Forms and Reports 11.1.1.6)<br \/>\n&#8211; 11gR2 (Oracle Forms and Reports 11.1.2.1)<\/p>\n<p><strong>3.) How to Upgrade the Oracle Forms version\u00a0to meet the Java 7 requirements?<\/strong><\/p>\n<p>This depends on the specific environment installed (e.g. if Oracle Forms is\u00a0integrated with Oracle Portal or Discoverer). An overview of the upgrade paths can be found\u00a0<a href=\"http:\/\/r20.rs6.net\/tn.jsp?e=001h4Vy0lQO6rHyjgUXFLrpLu1QRG04Xp1stMhsUEQl4KgtEcBuuWrwlagRBE9oBk8ahks1uGeFLtRkY10BKVw6vtu_EcYoQzrLgcArp283S5f4cz35humVucUsDEy0uvlasOhq4Z5pOO83dYbsQmwb7a4vAIAQ6tD0UkyZzYRgcV6uEqsGrxRcjEgLwFDFMTGv7sQI5pKFZlWJStbTiW-_Sbj9dCSVtYLZ8JYw7JRkZkQ=\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. PITSS Consultants are prepared to support and accompany your upgrade project &#8211; please\u00a0<a href=\"mailto:us.info@pitss.org\" target=\"_blank\" rel=\"noopener noreferrer\">contact\u00a0PITSS<\/a>\u00a0to analyze your situation and schedule the upgrade.<\/p>\n<p><strong>4.) What changes in the Forms Environment are required after the\u00a0Upgrade to Java 7?<\/strong><\/p>\n<div>\n<p>If Java 7 is installed after the upgrade to 11gR1 or 11gR2 some changes in\u00a0formsweb.cfg are required &#8211; please find the details\u00a0<a href=\"http:\/\/r20.rs6.net\/tn.jsp?e=001h4Vy0lQO6rHyjgUXFLrpLu1QRG04Xp1stMhsUEQl4KgtEcBuuWrwlagRBE9oBk8ahks1uGeFLtRkY10BKVw6vtu_EcYoQzrLgcArp283S5f4cz35humVucUsDEy0uvlasOhq4Z5pOO83dYbsQmwb7a4vAIAQ6tD0UkyZzYRgcV6uEqsGrxRcjEgLwFDFMTGv7sQI5pKFZlWJStbTiW-_Sbj9dCSVtYLZ8JYw7JRkZkQ=\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<\/div>\n<p><strong>Further Information\u00a0<\/strong><\/p>\n<p>Please do not hesitate to contact us if you have any further questions on this topic.\u00a0Email at <a href=\"mailto:us.info@pitss.org\">us.info@pitss.org<\/a>\u00a0or call Kelly Genovich at +1 248 740 0935 Ext 15<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div align=\"center\">\n<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"top\"><strong>Customers Running Unsupported Oracle Forms (10g,9i,6i,&#8230;)<\/strong><\/p>\n<div>\n<p>For any customers currently running Oracle 10g and below it is highly encouraged to upgrade the Forms source code and\u00a0architecture\u00a0to run on Forms 11gR2 (11.1.2.2) with Java 7u15. If you are using PITSS.CON and have questions on the upgrade process, please contact <a href=\"mailto:us.support@pitss.org\">us.support@pitss.org<\/a>. In addition, PITSS Consultants are prepared to support and accompany your upgrade project &#8211;\u00a0<a href=\"mailto:us.info@pitss.org\" target=\"_blank\" rel=\"noopener noreferrer\">please\u00a0contact\u00a0PITSS<\/a><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Critical\u00a0Java Security Update and Oracle Forms On February 19th Oracle released another Critical Patch Update for Java SE and strongly recommends to apply these patches as soon as possible. An exploit in the Java Runtime has been identified which allows attackers to remotely take control of a computer and run malicious code and software via [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-3657","post","type-post","status-publish","format-standard","hentry","category-recent-news-and-events"],"_links":{"self":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/3657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/comments?post=3657"}],"version-history":[{"count":4,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/3657\/revisions"}],"predecessor-version":[{"id":8998,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/3657\/revisions\/8998"}],"wp:attachment":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/media?parent=3657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/categories?post=3657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/tags?post=3657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}