
Java version with Burp Enterprise

scott van velsor Oct 16, 2019 04:08AM UTC

How do I upgrade the vulnerable Java 9 version bundled with Burp Enterprise?


Mike Eaton Oct 17, 2019 08:06AM UTC Support Center agent

Hi Scott, Unfortunately, we don’t have a mechanism to update the JRE bundled with Enterprise.

Do you have any documentation about these vulnerabilities?


scott van velsor Oct 17, 2019 06:32PM UTC
Java 9 is EOL as of March 2018, and therefore not being evaluated for security vulnerabilities.
http://www.oracle.com/technetwork/java/eol-135779.html

This is a security tool that I cannot run in my secure environment due to it running a non-compliant version of Java.

Liam Tai-Hogan Oct 22, 2019 02:43PM UTC Support Center agent

Hi Scott

We’re currently reviewing your issue. We’ll get back to you when we have something to share.


Liam Tai-Hogan Oct 23, 2019 08:18AM UTC Support Center agent

We are planning to upgrade the embedded Java version before long. Unfortunately, we can’t provide an ETA.

Although Java 9 is no longer supported, we have reviewed the security issues that have been raised since the last release. These are mostly not relevant to server applications, and only affect applets running in the browser, etc. A remaining few issues are denial of service issues in the image decoding libraries which are not used in Enterprise. Our assessment is that there is currently not a significant risk in remaining on Java 9, but we will continue to monitor the situation.

