Java
Windows Oracle Java Modernization

Summary: A recent update to our Windows Java initial detection greatly improved the identification of the Java type as Oracle Java. However, our older Windows Java vuln detections (from as far back as 2013) were not built to leverage the newer initial detection's internal reporting, and stopped showing up on customer scans.

Change: To resolve this, our Research team transitioned the older vuln detections to the new initial detection's internal reporting convention. In all, 38 Windows Oracle Java plugins were modernized, and telemetry shows they are again reporting on customer scans.

Impact: Customers should see the Windows Oracle Java vuln detections return to scan reports.

Target Release Date: 20 DEC 2024
Summary: Improved Windows Java Detection.

Changes: To enhance the precision of our Windows Java detection, Tenable Research is introducing updates to refine the inspection and identification of Java artefacts. These changes are designed to improve the handling of Java versions, particularly in embedded environments, ensuring more accurate detection and reporting. The Windows Java detection plugin, plugin ID 148499, has been optimised to better locate and examine the artefacts within the subdirectories housing the Java binary that are commonly found in distributions. This enhancement aims to refine version accuracy and granularity, leading to more precise detections.

Impact: Users should expect to see more accurate version detection of their Windows Java installs and a possible increase in the number of detected installs.

Impacted Plugins: 148499 - Java Detection and Identification (Windows)

Target Release Date: Tuesday, March 19, 2024
IBM Java detection updates

Summary: Tenable's detection plugins for Java now use additional methods to detect IBM Java.

Change: A series of plugins is used to detect Java JRE on scan targets. For Java installs on Windows, plugin 148499 performs initial detection. In June 2023, we updated the Java plugins in response to a security advisory, with several defense-in-depth fixes, and added several alternative methods, such as inspection of files that are often included with the distributions. Recently, Tenable was notified that detection of IBM Java for Windows was failing, in certain cases, to collect a sufficiently granular version of the product for accurate vulnerability determination. Additional files that contain the granular version number were identified and are now used for detection on that platform. Tenable will continue to enhance our detection of IBM Java JRE for corner cases as they are identified, which would enable holistic detection in customers' environments.

Impact: Plugin 148499 will now examine an additional set of files to identify IBM Java on Windows platforms and collect a granular version number, so that downstream vulnerability determination can be made.

Plugin: 148499 - Java Detection and Identification (Windows)

Target Release Date: September 5, 2023
Updates to Detection of Java on Unix/Linux

Summary: The Java Detection and Identification (Linux/Unix) plugin has been updated to provide detections while avoiding a reported vulnerability and potential privilege escalation.

Change: As part of Tenable's response to TNS-2023-21, a vulnerability reported by CrowdStrike researcher Patrick Romero, Nessus plugin 147817 has been updated. The plugin identifies the distribution and version of Java on Linux and Unix systems, using a variety of methods. Previously, one of the methods used in some cases was to execute the Java runtime binary with a -version argument and read the output. This method has been removed from the plugin and replaced with different methods that provide equivalent detection.

Impact: Customers should notice no material difference in the operation or findings of this plugin. In weeks of testing, Tenable researchers have seen parity in detection between the previous and current methods. If customers feel detection has been affected by this change, please contact Tenable Customer Support.

Plugin: 147817 - Java Detection and Identification (Linux/Unix)

Target Release Date: June 26, 2023
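The posts above describe moving away from running the target's java binary with -version and towards "inspection of files that are often included with the distributions", without naming those files. The following Python script is an added illustration of that passive approach and is not Tenable's plugin code: it walks a directory tree for bin/java launchers and reads the JDK/JRE `release` file next to them (a real file that modern distributions ship, with JAVA_VERSION and IMPLEMENTOR entries). The launcher is never executed, so a binary planted by a local user cannot run with the scanner's privileges. The directory layout and version strings are constructed for the demo; an install that has no `release` file is reported with an unknown version and left to some other method, as the posts say the plugin does.

```python
"""Identify Java installs from on-disk metadata, never by running java.

Added illustration, not Tenable's plugin code. It relies on the `release`
file that modern JDK/JRE distributions place in the install root (real),
holding lines such as JAVA_VERSION="17.0.2" and IMPLEMENTOR="...".
The sample directory tree below is constructed for the demo.
"""
import os
import re
import tempfile
from pathlib import Path

# KEY="VALUE" (quotes optional) as found in a JDK release file
_KV_RE = re.compile(r'^([A-Z_]+)="?([^"]*)"?\s*$')


def parse_release_file(text: str) -> dict:
    """Turn the KEY="VALUE" lines of a release file into a dict; other lines are ignored."""
    props = {}
    for line in text.splitlines():
        m = _KV_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def normalize_version(java_version: str) -> tuple:
    """Map both version syntaxes onto (feature, interim, update):
    legacy '1.8.0_292' -> (8, 0, 292); modern '17.0.2' / '11.0.19+7' -> (17, 0, 2) / (11, 0, 19)."""
    v = java_version.split("+", 1)[0].split("-", 1)[0]   # drop build / pre-release suffix
    if v.startswith("1."):
        base, _, update = v[2:].partition("_")
        parts = base.split(".")
        return (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0, int(update or 0))
    parts = [int(p) for p in v.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def find_java_installs(root: str) -> list:
    """Walk `root` for bin/java launchers and read the sibling release file.
    The launcher is only treated as a marker file; it is never executed, so a
    target-controlled binary gets no chance to run with the scanner's privileges."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "bin" and "java" in filenames:
            home = Path(dirpath).parent
            entry = {"home": str(home), "version": None, "implementor": None,
                     "normalized": None, "source": None}
            release = home / "release"
            if release.is_file():
                props = parse_release_file(release.read_text(encoding="utf-8", errors="replace"))
                if "JAVA_VERSION" in props:
                    entry.update(version=props["JAVA_VERSION"],
                                 implementor=props.get("IMPLEMENTOR"),
                                 normalized=normalize_version(props["JAVA_VERSION"]),
                                 source="release file")
            # An install without a usable release file is still reported, with
            # version None: the caller must fall back to another passive method.
            found.append(entry)
            dirnames[:] = []          # nothing of interest below bin/
    return sorted(found, key=lambda e: e["home"])


def build_sample_tree() -> str:
    """Constructed layout standing in for a scan target; returns its root."""
    root = tempfile.mkdtemp(prefix="javadet_")
    layouts = {
        "opt/jdk-17.0.2": 'IMPLEMENTOR="Eclipse Adoptium"\nJAVA_VERSION="17.0.2"\nOS_NAME="Linux"\n',
        "usr/lib/jvm/jre1.8.0_292": 'JAVA_VERSION="1.8.0_292"\n',
        "home/app/embedded-jre": None,   # vendor-embedded JRE that ships no release file
    }
    for rel, release_text in layouts.items():
        home = Path(root, rel)
        (home / "bin").mkdir(parents=True)
        (home / "bin" / "java").write_bytes(b"")   # placeholder launcher, never run
        if release_text is not None:
            (home / "release").write_text(release_text)
    return root


def demo() -> list:
    return find_java_installs(build_sample_tree())


if __name__ == "__main__":
    for e in demo():
        print(f'{e["home"]}: {e["version"] or "unknown"} ({e["implementor"] or "n/a"}) via {e["source"]}')
```

The normalised tuple is what a downstream version comparison would consume; keeping the raw JAVA_VERSION string alongside it preserves the granularity the IBM Java post says was missing.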
Apache Log4j Detection for Windows - Manifest / Properties Detection Update

Summary: In light of the resource requirements of scanning entire file systems and inspecting each Java archive file in depth while checking the manifest and properties files, we have decided to require that the following settings be enabled to leverage the detection using manifest and properties files in Apache Log4j JAR Detection (Windows) (156001):
- 'Perform thorough tests' setting must be enabled
- 'Override normal accuracy' setting must be set to 'Show potential false alarms'
This feature was first released in Nessus plugin feed 202201080412. We are looking at ways to further optimize this feature to enable faster scans while lowering its impact on system resources.

Impact: Customers may observe fewer resources being consumed on Windows scan targets during a local or Agent scan, but may also observe slightly fewer Apache Log4j detections than were detected via the manifest or properties file over the past several days. Once the 'Perform thorough tests' and 'Override normal accuracy' settings are configured as mentioned above, the detections should re-appear. A consequence of this change is that some Apache Log4j vulnerabilities may appear as remediated if they were previously detected via this method and subsequent scans did not have the aforementioned settings enabled.

Plugin: Apache Log4j JAR Detection (Windows) (156001)

References: Assessment Scan Settings - Perform thorough tests and Override normal Accuracy settings

Target Release Date: January 12, 2022 (released in Nessus plugin feed 202201130817)
Enhanced Java Detection

Background: Nessus plugins 147817 and 148499 detect Java Runtime Environments (JREs) and other Java executable files on target hosts through several methods. One of these methods is to check the output of the Java executable with the 'version' flag if the executable is in a limited whitelist of directories created by Tenable or is digitally signed.

Change: The logic in 147817 and 148499 has been updated to be more efficient and accurate by treating the output of the Java executable as the highest-priority identification and no longer running other detection methods for that Java install. Other detection methods, such as inspecting the binary and associated metadata, will be performed if the binary is not in a whitelisted directory or the output fails validation.

Impact: Customers should expect reduced scan times and more accurate reporting of Java instances, along with an associated note indicating that the version was obtained from "self reported version information." This change may result in additional or fewer vulnerability findings.

Plugins:
- 147817 - Java Detection and Identification (Linux / Unix)
- 148499 - Java Detection and Identification (Windows)

Target Release Date: March 14, 2022

Update: These changes have been released in 202203142037 (Linux / Unix) and 202203151614 (Windows)
Apache Log4j Detection Optimizations

Summary: While the operating system ultimately controls scheduling and resource allocation, we have made additional optimizations to the Apache Log4j JAR Detection (Windows) (156001) plugin to reduce resource usage while scanning entire file systems and inspecting each Java archive file on the target Windows host during the scan.

Impact: Customers should observe fewer resources being consumed on Windows scan targets during a local or Agent scan, but may also observe longer scan times. Note that the plugin timeout can be adjusted under Advanced Settings (e.g. timeout.156001) to a value other than the default of one hour to assist with performance. Also, please make sure that any security controls on the host are not interfering with the detection and possibly causing additional resource usage.

Plugin: Apache Log4j JAR Detection (Windows) (156001)

Target Release Date: January 19, 2022 (released in Nessus plugin feed 202201200227)

The plugin has been updated to no longer use 'dir' and 'findstr', since these can potentially use more resources; using PowerShell for the file system scan, while potentially slower, uses fewer resources. Also, the plugin has been updated to slow down the Java archive inspection in PowerShell before explicitly closing the handle. This should assist with garbage collection and result in considerably less resource usage.
Apache Log4j Detection Additional Improvements

Summary: Additional improvements have been made to the Windows and Linux / Unix detection plugins for Apache Log4j. The improvements that have been released or will be released shortly include:

Apache Log4j Installed (Linux / Unix) (156000)
- Check the MANIFEST or properties file in detected Java archive files for the presence and version of Log4j. The version detected by this method will be used over other detected versions. Only the file contained directly within the Java archive file will be inspected; there is no recursion at this time.
- Improved error handling and handling of partial results when the plugin would normally time out. Any errors will be included in the report after the detected installs.
- Additional alternative commands ('jar' and 'grep') used for Java archive inspection
- Extra processing of the 'locate' database
- Increased timeouts. Note: the plugin timeout can be adjusted under Advanced Settings for Nessus 8.15.1 and later.

Apache Log4j JAR Detection (Windows) (156001)
- Check the MANIFEST or properties file in detected Java archive files for the presence and version of Log4j. The version detected by this method will be used over other detected versions. Only the file contained directly within the Java archive file will be inspected; there is no recursion at this time.
- Increased timeouts

Please note that we are working on additional improvements and have been rolling code changes out in a phased approach, which allows us to build upon previous improvements while being cautious about potential issues. The changes made to these detection plugins need to be carefully considered, implemented, and tested, since they need to fit alongside many other plugins in different scan configurations without causing issues, unlike tools made specifically for Apache Log4j. Please open a technical support ticket if you are having issues so that we can collect the information required to diagnose your issue.

Impact: Customers should expect to see improved local detection of Apache Log4j, potentially resulting in an increase in new vulnerability detections and longer scan times. Note that any scans with plugins 156000, 156001, or plugins that depend on these detection plugins enabled may take longer due to the expanded detection methods.

Plugins:
- Apache Log4j Installed (Linux / Unix) (156000)
- Apache Log4j JAR Detection (Windows) (156001)

Target Release Date: By January 7, 2022 (released in plugin feed 202201080412)
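The two Log4j posts above describe the manifest / properties detection method: read the MANIFEST or properties file directly inside each Java archive, prefer the version found there over versions obtained otherwise, and do not recurse into nested archives. The Python script below is an added illustration of that method and is not the Nessus plugin's code. The entry names it reads (META-INF/MANIFEST.MF and the Maven pom.properties path for log4j-core) are the ones a real Log4j Core JAR carries; the archives themselves are constructed in memory so the script runs offline, and the precedence order (pom.properties, then manifest, then file name) is a choice made for the illustration. The fourth sample archive shows the stated limitation: a log4j-core JAR nested inside another JAR is not found because there is no recursion.

```python
"""Inspect Java archives for Log4j Core by reading archive metadata.

Added illustration, not the Nessus plugin's code. The entry names used
(META-INF/MANIFEST.MF and the Maven pom.properties path) are the ones a
real log4j-core JAR carries; the archives themselves are constructed here.
"""
import io
import re
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FILENAME_RE = re.compile(r"log4j-core-(\d+\.\d+(?:\.\d+)?)\.jar$", re.IGNORECASE)


def parse_manifest(text: str) -> dict:
    """Parse 'Name: value' manifest headers, joining wrapped continuation lines."""
    headers, last = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last is not None:
            headers[last] += raw[1:]          # continuation of the previous header
        elif ":" in raw:
            key, _, value = raw.partition(":")
            last = key.strip()
            headers[last] = value.strip()
    return headers


def parse_properties(text: str) -> dict:
    """Parse the key=value lines of a Java .properties file (comments skipped)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def inspect_jar(name: str, data: bytes):
    """Return {'version', 'source'} for Log4j Core in this archive, or None.
    Precedence (a choice for this illustration): pom.properties, then the
    manifest, then the file name. Only entries directly inside the archive are
    read; a log4j-core JAR nested inside another JAR is not recursed into."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = parse_properties(zf.read(POM_PROPS).decode("utf-8", "replace"))
            if props.get("artifactId") == "log4j-core" and props.get("version"):
                return {"version": props["version"], "source": "pom.properties"}
        if MANIFEST in names:
            mf = parse_manifest(zf.read(MANIFEST).decode("utf-8", "replace"))
            ident = mf.get("Implementation-Title", "") + " " + mf.get("Bundle-SymbolicName", "")
            if ("Log4j Core" in ident or "log4j.core" in ident) and mf.get("Implementation-Version"):
                return {"version": mf["Implementation-Version"], "source": "manifest"}
    m = FILENAME_RE.search(name)
    if m:
        return {"version": m.group(1), "source": "filename"}
    return None


def make_jar(entries: dict) -> bytes:
    """Build an in-memory JAR (a ZIP) from {entry_name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for entry_name, content in entries.items():
            zf.writestr(entry_name, content)
    return buf.getvalue()


def _pom(version: str) -> str:
    return f"#Generated by Maven\nversion={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n"


def sample_archives() -> dict:
    """Constructed archives covering the cases the detection has to handle."""
    core_manifest = ("Manifest-Version: 1.0\r\nImplementation-Title: Apache Log4j Core\r\n"
                     "Implementation-Version: 2.14.1\r\nBundle-SymbolicName: org.apache.logging.log4j.core\r\n")
    core_jar = make_jar({MANIFEST: core_manifest, POM_PROPS: _pom("2.14.1")})
    return {
        "log4j-core-2.14.1.jar": core_jar,                                   # normal case
        "renamed-logging.jar": make_jar({POM_PROPS: _pom("2.17.1")}),        # name reveals nothing
        "log4j-core-2.15.0.jar": make_jar({MANIFEST: core_manifest.replace("2.14.1", "2.16.0")}),  # stale name
        "myapp-all.jar": make_jar({"lib/log4j-core-2.14.1.jar": core_jar,   # nested: not recursed
                                   "com/example/Main.class": b"\xca\xfe\xba\xbe"}),
    }


def scan(archives: dict) -> dict:
    return {name: inspect_jar(name, data) for name, data in archives.items()}


if __name__ == "__main__":
    for name, result in scan(sample_archives()).items():
        print(f"{name}: {result or 'no Log4j Core metadata found'}")
```

Reporting the source alongside the version is what lets a reader of the scan output tell a metadata-backed finding from one inferred from a file name, which matters when deciding whether a "remediated" result reflects a real upgrade or just a renamed archive.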
OpenJDK Vulnerability Coverage

Background: As part of our efforts to enhance our cyber exposure capabilities for middleware, Tenable Research is expanding Java detection and vulnerability coverage, including different managed and unmanaged Java flavours.

Change: A number of Nessus plugins are being released that check for OpenJDK vulnerabilities, as described in the OpenJDK advisories since 2019 (see https://openjdk.java.net/groups/vulnerability/advisories/).

Impact: Customers may start seeing a number of these new plugins firing, reporting OpenJDK vulnerabilities for instances found in their systems.

Plugins:
- 151214 OpenJDK 2019-04-16
- 151215 OpenJDK 2019-07-16
- 151213 OpenJDK 2019-10-15
- 151210 OpenJDK 2020-01-14
- 151208 OpenJDK 2020-04-14
- 151212 OpenJDK 2020-07-14
- 151211 OpenJDK 2020-10-20
- 151209 OpenJDK 2021-01-19
- 151207 OpenJDK 2021-04-20

Target Release Date: 6 July 2021