08-15-2011 6:55 PM
Hello Gurus,
Can you please help me to understand the below information about the OSS note 1616259
u2022 what is the security issue/concern
u2022 what is the fix (SAP Note) & it's potential impact
u2022 when we can implement it
u2022 what kind of testing required
Thanks
Praveen Kumar
08-15-2011 7:08 PM
Hi,
There are a few threads all ready on this topic, here is the latest:
Notes 1616058 and 1589525 contain all the information available so far, Applying the patches mentioned in the note won't casue any problems, will require some down time to apply the patch though thats availble from the market place.
More info on the security threat can be found at http://erpscan.com/wp-content/uploads/2011/08/A-crushing-blow-at-the-heart-SAP-J2EE-engine_whitepape...
Kind regards,
Cathal
08-16-2011 5:26 AM
Hello,
Thanks for your reply, are these notes which you are refering to be applied in Java stack or ABAP stack?
Thanks
Edited by: Praveen Kumar M P on Aug 16, 2011 6:26 AM
08-16-2011 7:07 AM
Hi,
Security notes 1589525 and 1616058 should be applied for Java Stack, the method is given in each note.
Thanks.
08-28-2011 11:51 PM
Not sure if anyone has apply 1589525 yet. I have tried to patch LM-TOOLS NW701 SP10 to J2EE instance on NW701 SPS 7 according to note 1589525 and getting errors
"Arguments: []--> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.engine.services.ejb.exceptions.deployment.EJBDeploymentException: Incorrect application sap.com/tclcmdeployer:"
Tried on different instance and yet getting the same error.
K.