cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
100213
Views
36
Helpful
43
Replies

Java securityexception error on Web VPN

Florian Ostkamp
Level 1
Level 1

Hello,

I have a problem with my Cisco ASA 5510 Clientless SSL Webvpn.

After Oracle updates its Java Version, our JAVA Webportal ist not completly working.

Our clientless SSL Web Portal is running on a Cisco ASA 5510 with Version 9.1.3.

On this portal we provide the JAVA RDP Plugin and the JAVA Citrix Plugin.

All Java Plugins are working with Java 7 Update 25.

But with the newest Version Java 7 Update 45 it is not working.

It is comming the following Error.

-----------------------------------

"SecurityException"

com.sun.deploy.net.JARSigningException: Unsignierter Eintrag gefunden in Ressource:

https://XXXXXXX/ica/JICA-configN.jar

---------------------------------

XX=our portal-url

Has somebody the same problem?

I need a solution, because we are using this solution for round about 200 User.

Thank you very much.

Florian

2 Accepted Solutions

Accepted Solutions

Mohammad Alhyari
Cisco Employee
Cisco Employee

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
CSCuj88114


Sent from Cisco Technical Support Android App

View solution in original post

9.1.4 was released on the 9th December which claims to fix this bug.

GTG

Please rate all helpful posts.

Please rate all helpful posts.

View solution in original post

43 Replies 43

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

We dont have much use for Clientless VPN environments and I have not been the person responsible for managing them (until now when one of our employees changed employer)

Though we only had reports from a single user and had to resort to changing to Java SE 6 Update 45. Though even then it seemed that Internet Explorer wouldnt work and "had" to use Firefox.

I have personally not run into many problems with Java as I have not managed Clientless VPN environments (until now) and I have never really used ASAs ASDM so usually the quickest choice would be to downgrade.

Though I would really love to have a proper solution to this myself also without resorting to downgrading each time a problem occurs.

In our situation the problematic situation doesnt show the error message that you are seeing each time. We have a bookmark for the user to use initiate RDP session which before changing the Java SE to 6 Update 45 resulted in the WebVPN portal just reloading the portal page without any error message or other output whatsoever.

- Jouni

We are experiencing the same issue with Chrome/FF.  IE seems to be OK.  Java v7 r45 that updated today.  Did anyone find a fix?

Here's the error's details.

Java Plug-in 10.45.2.18

Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM

User home directory = C:\Documents and Settings\name

----------------------------------------------------

----------------------------------------------------

CacheEntry[https://dn/CACHE/sdesktop/install/binaries/instjava.jar]: updateAvailable=false,lastModified=Wed Dec 31 19:00:00 EST 1969,length=117093

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Tue Oct 22 11:26:52 EDT 2013 Retrieved CSD stub path: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:52 EDT 2013 CSD stub will be downloaded

Tue Oct 22 11:26:52 EDT 2013 Download url : https://dn/CACHE/sdesktop/hostscan/windows_i386/cstub.exe

Tue Oct 22 11:26:52 EDT 2013 Download path : C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 Downloaded https://dn/CACHE/sdesktop/hostscan/windows_i386/cstub.exe to C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 file signature verification PASS: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 file signature verification PASS: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 Spawned CSD stub.

Here's my fix:

Install RE v7.025

Remove RE v7.045

Reduce the security level in Java to MED

I hope Cisco gets off of the Java engine soon.

Mohammad Alhyari
Cisco Employee
Cisco Employee

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
CSCuj88114


Sent from Cisco Technical Support Android App

Mohammed,

Is cisco going to release an update of the RDP plugin. It seems that Cisco do not comply with the requirements of Oracle related to signing the java applets? I'm not sure if I'm right because I do not understand all the java gibberish. All I know it is very anoying ;-)

https://blogs.oracle.com/java-platform-group/entry/updated_security_baseline_7u45_impacts

9.1.4 was released on the 9th December which claims to fix this bug.

GTG

Please rate all helpful posts.

Please rate all helpful posts.

This bug is now showing as fixed - But not for the latest 9.1(4) software.

GTG

Please rate all helpful posts.

Please rate all helpful posts.

i'm now running asa 9.2.1 still same problem

 

markorchard
Level 1
Level 1

Hi,

I've been having the same issue with users after they upgraded to Java 7 Update 45.

Error states: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: https://FQDN/+CSCO+guid++/rdp/properJavaRDP14-1.1.jar

I have downloaded the latest Terminal Service Client Plugin for ASA from the download site but that has made no difference.

I have unzipped the jar and remove references to any signing and re-archived the jar file but still not working.

I have set Java security settings to medium but it still does not work.

Has anyone managed to get this working at all?

DPC
Level 1
Level 1

The workaround posted in the Cisco  Bug is to uncheck the setting "Keep temporary files on my computer"  which is found in the Java Control Panel under the General Tab /  Temporary Internet Files / Settings ...

This workaround has worked for me with Jave 7 Update 45 on both PC and Mac.

David Charlebois wrote:

The workaround posted in the Cisco  Bug is to uncheck the setting "Keep temporary files on my computer"  which is found in the Java Control Panel under the General Tab /  Temporary Internet Files / Settings ...

This workaround has worked for me with Jave 7 Update 45 on both PC and Mac.

Hi David,

Thanks very much that fixed the issue for me as well. I've tested on PC with IE, Firefox and Chrome and can confirm they work as expected.

Regards

David

Can you post the Bug ID?

/hamderdoygaard

CSCuj88114

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
Symptom:
ASA WebVPN Java Plugins fail to load after  upgrade to Java 7 Update 45 with the following General Exception error -  'com.sun.deploy.net.JARSigningException: Found unsigned entry in  resource: https:///+CSCO+xxxxxxxxxxxxxxxxxxxxxxx++/vnc/VncViewer.jar'

Conditions:
Windows or Mac OSX machines using Java 7 Update 45.

Workaround:
1)  Disable the option 'Keep temporary files on my computer' on the Java  Control Panel -> General -> Settings. This works for both Mac OSX  and Windows.

2) Downgrade Java to version 7 Update 40 or below.

Further Problem Description:

Bart van Dam
Level 1
Level 1

Hi,

I see that the status of this bug is fixed. How come that the bug ID is not mentioned in the release notes of the latest 9.1.3 intrim update ? Does the 9.1.3 intrim software update fix this issue ? Or did i overlook something ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: