False Positives Reported for Java Vulnerabilities or CVEs in Prisma Cloud Compute

Created On 04/30/22 07:00 AM - Last Modified 05/03/22 11:13 AM


Symptom


  •  False Positives Reported for Java Vulnerabilities or CVEs in Prisma Cloud Compute


Environment


  • Prisma Cloud Compute 


Cause


  • Java binaries from version 1 to 8 use the “1.X” pattern for their version.
  • Java 4 is version 1.4, Java 5 is version 1.5, and so on.
  • Because a few Java CVEs are labeled with version 5 or 6, without the 1.5 or 1.6 form, they are (wrongly) applied to Java 8, which has version 1.8 (as 1.8 < 6).
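
The mismatch described above can be reproduced and triaged with a short script. This is an added example, not Prisma Cloud code: the function names, the placeholder CVE ids and the sample findings are constructed, and the "installed version lower than the labeled version" rule is an assumption taken from the "1.8 < 6" comparison above. It also accepts Java 9 and later version strings, which no longer carry the "1." prefix.

```python
import re

def parse(text):
    """'1.8.0_292' -> (1, 8, 0, 292); non-numeric separators are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def normalize(text):
    """Drop the legacy '1.' prefix so 1.8.0_292 and 8 share one scale."""
    parts = parse(text)
    return parts[1:] if len(parts) >= 2 and parts[0] == 1 else parts

def lower(a, b):
    """True if version tuple a < b, padding the shorter one with zeros."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def naive_match(installed, label):
    """Compare raw version strings, as in the false positive case."""
    return lower(parse(installed), parse(label))

def normalized_match(installed, label):
    """Compare after mapping both sides onto the same major-version scale."""
    return lower(normalize(installed), normalize(label))

# Constructed findings: (placeholder CVE id, installed Java version, labeled version).
FINDINGS = [
    ("CVE-EXAMPLE-0001", "1.8.0_292", "6"),    # Java 8 vs label "6": false positive
    ("CVE-EXAMPLE-0002", "1.8.0_292", "1.6"),  # label already in 1.X form
    ("CVE-EXAMPLE-0003", "1.5.0_22", "6"),     # Java 5 really is below 6
    ("CVE-EXAMPLE-0004", "11.0.2", "5"),       # Java 9+ scheme, no prefix
]

def false_positive_candidates(findings):
    """Findings the naive comparison raises but the normalized one does not."""
    return [cve for cve, installed, label in findings
            if naive_match(installed, label) and not normalized_match(installed, label)]

if __name__ == "__main__":
    for cve, installed, label in FINDINGS:
        print(cve, installed, "<", label,
              "naive:", naive_match(installed, label),
              "normalized:", normalized_match(installed, label))
    print("false-positive candidates:", false_positive_candidates(FINDINGS))
```

Findings that only the naive comparison raises are the ones to re-check against the rebuilt vulnerabilities feed.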

 



Resolution


  • The fix is made in the intelligence, which, once deployed, will rebuild the vulnerabilities feed and will be pushed automatically.
  • The fix is applied in 21.08.520, i.e. Iverson, 21.08 update 1 : 21-08-update

