Guest

Cisco IPS 4200 Series Sensors

Field Notice: FN - 62051 - PIX, FWSM and IPS Device Managers Incompatability with Java Plug-In Versions 1.4.2_08 and 1.5.0_02


Revised November 16, 2006

May 16, 2005

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

Comments

PDM

PIX Device Manager 3.0(1), 3.0(2), 4.0(1), 4.1(1)

IDM

IDS Device Manager 5.0(1)

Problem Description

PIX Device Manager (PDM) versions 3.0(1) , 3.0(2), 4.0(1), and 4.1(1), and IDS Device Manager (IDM) version 5.0(1), are incompatible with Java Plug-in versions 1.4.2_08 and 1.5.0_02 or later. If these Java Plug-ins are used in conjunction with the impacted PDM or IDM releases, the application will not load.

Background

Changes made in the Java Plug-in 1.4.2_08 and 1.5.0_02 break the existing code loading functionality in PDM and IDM.

Problem Symptoms

Impacted PDM and IDM versions will not load when launched from a browser using Java Plug-in 1.4.2_08 or 1.5.0_02 or later. If you bring up the Java console, there will be a java.security.AccessControlException error:

Requesting URL: 
https://my.firewall.name/jploader.jar 
java.security.AccessControlException: access denied (java.util.PropertyPermission 
java.version read) 
at java.security.AccessControlContext.checkPermission(Unknown Source) 
at java.security.AccessController.checkPermission(Unknown Source) 
at java.lang.SecurityManager.checkPermission(Unknown Source) 
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) 
at java.lang.System.getProperty(Unknown Source) 
at com.cisco.pdm.e.c.q(Unknown Source) 
at com.cisco.pdm.e.c.h(Unknown Source) 
at com.cisco.pdm.a.byte(Unknown Source) 
at com.cisco.pdm.PDMApplet.start(Unknown Source) 
at com.cisco.nm.util.sgz.Env.start(Env.java:37) 
at com.cisco.nm.util.sgz.Loader.start(Loader.java:109) 
at sun.applet.AppletPanel.run(Unknown Source) 
at java.lang.Thread.run(Unknown Source)

Workaround/Solution

The latest maintenance releases PDM 3.0(3) and later, PDM 4.1(2) and later, and IDM 5.0(2) and later resolve this issue.

Version 3.x PDM software can be found at the Cisco PIX Security Appliance Software Download (registered customers only) page.

Version 4.x PDM software which manages FWSM version 2.x can be found at the Cisco Catalyst 6000 FireWall Service Module 3DES Software (registered customers only) page.

IDS sensor images with built-in IDM can be found at the following links:

Appliances (registered customers only)

ASA-AIP-SSM (registered customers only)

NM-CIDS (registered customers only)

IDSM2 (registered customers only)

Impacted Software Versions

PDM versions 3.0(1), 3.0(2), 4.0(1), 4.1(1), and IDM version 5.0(1) are impacted by this issue and will not load properly when used in conjunction with Java Plug-In versions 1.4.2_08 and 1.5.0_02 or later. Customers running these versions of PDM or IDM should either uninstall the newer Java Plug-Ins and re-install previous versions of the Java Plug-In, or upgrade their PDM and IDM images to the versions indicated in the following table.

Impacted Version

Upgrade Version

PDM 3.0(1), PDM 3.0(2)

PDM 3.0(3) and later

PDM 4.0(1), PDM 4.1(1)

PDM 4.1(2) and later

IDM 5.0(1)

IDM 5.0(2) and later

PDM versions 1.0 through 2.1 only support the native Internet Explorer and Netscape Java virtual machines and do not support the Java Plug-In. Customers using these versions of PDM should refer to the appropriate release notes to find supported browser versions.

IDM versions 3.1 through 4.1 do not utilize Java and are purely HTML-based. They are not affected by this issue.

Adaptive Security Device Manager (ASDM) versions 5.0(1) and later are not impacted by this issue and operate normally when used in conjunction with the Java Plug-In versions 1.4.2_08 and 1.5.0_02.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCeh50967 (registered customers only)

PDM 3.0 does not run with Java 1.5.0_02 and 1.4.2_08

CSCeh45853 (registered customers only)

PDM 4.1 does not run with Java 1.5.0_02 and 1.4.2_08

CSCeh39422 (registered customers only)

IDM 5.0(1) does not load with latest Sun JRE plugin 1.5.0 Update 2

Revision History

Revision

Date

Comment

1.3

16-NOV-2006

Added URLs to Workaround/Solution section

1.2

04-AUG-2006

Added 4.x software link, added wording to denote later versions of software

1.1

06-JUN-2006

Added software download URLs to Workaround/Solution section, updated title format

1.0

16-MAY-2005

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.