The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


OpenJDK 16.0.2 Multiple Vulnerabilities

Ryan | Last updated: Mar 14, 2022 04:40PM UTC

Nessus is stating that the Burp server is using OpenJDK 16.0.2, which has multiple vulnerabilities as referenced in the 2021-10-19 Java advisory (https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19). This finding has persisted through many Burp updates. I verified that Burp is causing the finding by removing Burp and getting a clean scan. I then reinstalled Burp using Professional 2022.2.3 and the finding returned.

Is there a plan to move to OpenJDK 17 or newer for Burp? Is there any way to update OpenJDK manually without breaking Burp functionality?

Nessus Output:

Description
The version of OpenJDK installed on the remote host is prior to 7 <= 7u311 / 8 <= 8u302 / 11.0.0 <= 11.0.12 / 13.0.0 <= 13.0.8 / 15.0.0 <= 15.0.4 / 16.0.0 <= 16.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021-10-19 advisory.

Solution
Upgrade to an OpenJDK version greater than 7u311 / 8u302 / 11.0.12 / 13.0.8 / 15.0.4 / 16.0.2

Plugin Output
Path : /opt/BurpSuitePro/
Installed version : 16.0.2
Fixed version : Upgrade to a version greater than 16.0.2

Hannah, PortSwigger Agent | Last updated: Mar 15, 2022 08:49AM UTC