Burp Suite User Forum

Vulnerable Java JRE

Dransfeldt | Last updated: Jul 26, 2019 08:00AM UTC

Hi The newest version of the community edition for Linux is shipped with a private JRE (Oracle 1.11.0 2) which is effected by multiple vulnerabilities, can this be updated to 1.11.0 3? Thanks Br, Dransfeldt

Liam, PortSwigger Agent | Last updated: Jul 26, 2019 08:11AM UTC

Burp Community ships with OpenJDK Runtime Environment 11.0.2+9. Could you provide us with details of your security concerns?

Burp User | Last updated: Oct 10, 2019 10:13PM UTC

We are seeing this issue as well, Nessus is complaning about our Burp workstations due to vulnerable JRE. Will this be updated?

Mike, PortSwigger Agent | Last updated: Oct 11, 2019 09:43AM UTC

Thank you for the clarification, we have passed this onto our development team for their consideration.

Burp User | Last updated: Oct 11, 2019 02:30PM UTC

https://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19116/version_id-281792/Oracle-JDK-11.0.2.html

Burp User | Last updated: Oct 11, 2019 02:31PM UTC

https://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19117/version_id-286264/Oracle-JRE-11.0.2.html

You need to Log in to post a reply. Or register here, for free.