Java application performance issues reported with Host IPS 8.0 5660 and 5709 content

技術的な記事 ID: KB82087
最終更新: 6/5/2019

環境

McAfee Host Intrusion Prevention (Host IPS) 8.0

概要

McAfee has received reports from some customers about performance degradation on web-based enterprise Java applications.

問題

Customers might experience increased response time, latency, or resource consumption when navigating enterprise Java applications.

Profiling might indicate that the jsbp.method_entry() function consumes most of the resource overhead.

Internet Explorer might stop responding when starting the Java Enterprise application.

システムの変更

Applied Host IPS security content version 5709 on June 10, 2014.
Applied Host IPS security content version 5660 on May 27, 2014.

原因

The 5709 content version included a loader for signature 6666, which was unintended. This issue only affected systems that previously experienced the original Java-related issue with security content 5660 installed.

Other observations:

Issue might result from Host IPS security content version 5660, posted on May 27, 2014. Host IPS content version 5660 added one new signature: Signature 6666 - Generic Java Sandbox Escape Exploit Detected. Otherwise, the content is identical Host IPS content version 5626, which was released on May 13, 2014.
Latency might be attributed to signature 6666 - Generic Java Sandbox Escape Exploit Detected.

Why did the issue reoccur with Host IPS 8.0 Content 5709?
Host IPS content version 5660 added one new signature: Signature 6666 - Generic Java Sandbox Escape Exploit Detected. Signature 6666 updated jsbp.dll and jsbp.jar, located in the Host IPS 8.0 program installation folder.

Security content version 5709, released June 10, 2014, will inadvertently load the JSBP resource files, even though signature 6666 is not included in security content version 5709. This behavior is unintended and security content version 5709 has been recalled and replaced with security content version 5710.

解決策

McAfee posted Host IPS content 5735 to the common repository on July 1, 2014. This update resolves the issue incurred with content version 5709, posted on June 10, 2014.

NOTE: Content version 5735 includes the regular planned June IPS signature updates originally included in content version 5709.

McAfee posted Host IPS content 5710 to the common repository on June 12, 2014. This update resolved the issue incurred with content version 5709, posted on June 10, 2014.

McAfee posted Host IPS content 5664 to the common repository on June 1, 2014, which resolved the issue incurred with content version 5660, posted on May 27, 2014.

Content remediation versions 5710 and 5664 are identical to content version 5626, posted May 13, 2014.

NOTE: Content versions 5626, 5664, and 5710 do not include Signature 6666 - Generic Java Sandbox Escape Exploit Detected.

For more information about McAfee Host IPS signature content releases, see the Release Notes:
http://www.mcafee.com/us/content-release-notes/host-intrusion-prevention/index.aspx

解決策

McAfee is currently conducting a full process review and has inserted new process checkpoints to make sure that a similar issue does not occur in future Host IPS security content updates.

McAfee is withholding re-release estimates for Host IPS Signature 6666, JSEP content, until we finalize solutions for reported issues and have full confidence to validate JSEP signature functionality. This article will be updated when further updates related to this functionality are confirmed.

添付ファイル

KB82087_External_RCA_Statement.pdf
97K • < 1 minute @ broadband

影響を受ける製品

Host Intrusion Prevention 8.0
Known Issue/Product Defect

言語:

この記事は、次の言語で表示可能です:

English United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro

技術用語集

用語集にある用語をハイライトする

当社の技術用語集を参照してください。

Knowledge Center

Java application performance issues reported with Host IPS 8.0 5660 and 5709 content

環境

概要

問題

システムの変更

原因

解決策

解決策

添付ファイル

影響を受ける製品

言語:

技術用語集

Title

Title

Knowledge Center

Java application performance issues reported with Host IPS 8.0 5660 and 5709 content

環境

概要

問題

システムの変更

原因

解決策

解決策

添付ファイル

影響を受ける製品

言語:

技術用語集

地域を選択してください

Title

Title