Update March 23, 2021: These enhancements are now live on all Qualys shared platforms.
- Vulnerability signature version: VULNSIGS-2.5.140-2
- Manifest version: lx_manifest-126.96.36.199-2
- Cloud Agent version: 2.4.0.x or later
Original post: On December 10, 2020, Qualys made enhancements to its discovery of Oracle Java instances, which gave customers comprehensive visibility of Oracle Java instances found in both standard and non-standard locations.
Further expanding on those enhancements, we are updating the reporting of Oracle Java QIDs. Customers will now be able to identify if an Oracle Java instance was detected via Default discovery, which indicates it was found in a standard location using the original detection method; or via Enhanced discovery, which indicates it was found in a non-standard location using the new method introduced in December 2020.
The updated reporting will help in risk assessment by making it clear to security teams which Oracle Java instances were newly identifiable since the introduction of enhanced discovery.
Reporting for Oracle Java QIDs in the current format
Reporting for Oracle Java QIDs showing the new Detection Type column
As seen in the above screenshots, a new “Detection Type” column will be added in the reporting section of the QIDs. Depending on the method of discovery, each instance will be classified with one of the below values:
- Default – the original detection logic from before December 2020 that checks via the PATH variable.
- Enhanced – the new detection logic added in December 2020 and checks in non-standard locations.
These changes will be deployed on all shared platforms on or around March 22, 2021.
For additional details, please see the blog post, QID Spotlight: Enhanced Oracle Java Discovery.