QID Spotlight: Discover Azul Java Vulnerabilities
The Qualys vulnerability signatures team has released a new series of signatures (detections) for Azul Java, allowing security teams to identify Azul Java hosts and detect their vulnerabilities.
Azul is a Java platform used for modern cloud enterprises. The platform is used for developing, delivering, optimizing, and managing Java applications. This platform guarantees performance, security, value, and success.
The JDK (Java Development Kit) provided by Azul is also known as Zulu. This JDK is an OpenJDK native binary that is directly dependent on the underlying operating system.
Supported Operating Systems
RHEL, CentOS, Amazon Linux, SLES/OpenSUSE, Fedora, Oracle Enterprise Linux, Debian, Ubuntu, Alpine, and Windows.
Supported Discovery Method
Default installations for Linux, MSI installation for Windows.
QIDs for Azul Java
- 45504 – IG (Information Gathered) to track Azul installed assets
- 375806 – April 2019 Security Update
- 375809 – July 2019 Security Update
- 375810 – October 2019 Security Update
- 375811 – January 2020 Security Update
- 375812 – April 2020 Security Update
- 375813 – July 2020 Security Update
- 375815 – October 2020 Security Update
- 375816 – April 2021 Security Update
- 371817 – July 2021 Security Update
All above-mentioned Azul Java QIDs are available from signature version 2.5.292-2 and above.
Azul Java JDK is supported on Qualys Cloud Agent and Qualys scanner.
Stay connected to get the updates on our latest QIDs and keep yourself protected!
References:
https://www.azul.com/
https://docs.azul.com/core/zulu-openjdk/versioning-and-naming
https://www.azul.com/downloads/?os=alpine-linux&package=jdk
https://www.azul.com/products/components/azul-zulu-prime-builds-of-openjdk/
https://docs.azul.com/zulu/zulurelnotes-january2021/ZuluReleaseNotes/TargetOperatingEnvironments.htm