1 Reply Latest reply: Apr 9, 2013 12:58 PM by Rogerl-Oracle RSS

    Java on web sites not up to date

    1002052
      Greetings - The company I work for has good security awareness and we are fairly prompt at installing Java update when vulnerabilities are found in existing versions. However, we find that many web sites do not update their Java as promptly as we do and subsequently we get messages that state OUR java is insecure or other things along those lines. This affects our staff's production and it seems the only thing to do in some cases is to revert back to vulnerable versions of Java.
      Do any of you have other ideas or proven ways to mitigate this oddity?

      Thanks!

      Lawson...
        • 1. Re: Java on web sites not up to date
          Rogerl-Oracle
          999049 wrote:
          However, we find that many web sites do not update their Java as promptly as we do and subsequently we get messages that state OUR java is insecure or other things along those lines. This affects our staff's production and it seems the only thing to do in some cases is to revert back to vulnerable versions of Java.
          Can you be more specific?
          There are a number of avenues where such a message can be seen.
          -- The website can do detection itself and create such a message.
          -- Most browsers are now checking versions of installed plugins to see if they are out of date.
          -- Some sites could be looking for Java 6 or Java 7 and messaging based on what is found.

          Examples of sites and screenshots are needed to understand what could be taking place.

          There are sites, like http://imgur.com/, that make it very easy to share screenshots.

          -Roger