how to find out my Jrun version?

Report · Sep 09, 2010

Hi,

We are using ColdFusion MX 7.02 with the installation type (server configuration), how can I find out my JRUN version and do I need to apply fix for CVE-2009-1873 and CVE-2009-1874? Thanks in advance for your help.

Report · Sep 10, 2010

Hi ,

Login to CFadmin Eg: http://localhost/cfide/administrator/index.cfm .

Press SYSTEM INFORMATION (top middle)

Find Java Version

It probably says: 1.4.2_09

Regards, Carl.

Report · Sep 10, 2010

Hi,

As for the hotfixes you probably need to ask yourself if the CF7 is exposed to the internet and then to possible exploit or internal hence not as accessible to exploitation

HTH, Carl.

Report · Sep 10, 2010

Hi,

Thanks for answer my questions. The Java version is exactly what you said

1.4.2_09 but what is JRUN 4? When ColdFusion was installed, we use "server

configuation" instead of J2EE with JRUN so I am not sure whether JRUN is

part of the installation. Thanks in advance for any advise.

snoopy

Report · Sep 10, 2010

Hi snoopy,

Hope someone corrects me if I am wrong.

Java version 1.4.xx_yy is loosely termed JRUN 4.

So when it comes to CF8 or CF9 you have Java version 1.6.xx_yy

this is termed JRUN 6.

HTH again, Carl.

Report · Sep 10, 2010

Not quite: JRun 4 was indeed the real version number of the last edition of JRun when it did exist as a product, which also happens to be the edition included under CF.

What you're thinking of is that "java 4" is the generic term for java 1.4.xx_yy, and "java 6" is the generic term for java 1.6_xx_yy.

As for the original question of how to find the detailed jrun version info for what underlies CF, the closest I could find was that one can use the jrun.exe command and its -version argument, such as:

C:\ColdFusion9\runtime\bin\jrun.exe -version

Or

C:\jrun4\bin\jrun.exe -version

Unfortunately, it seems to report only the high-level version number. For me, both for CF9 and for CF8 Multiserver, these both report: 4.0

/charlie

/Charlie (troubleshooter, carehart. org)

Report · Sep 14, 2010

Thank you very much, since I am on MX 7.02 with server configuration; do I

still need to update to Jrun 4 updater 7 to apply CVE-2009-1873 and 1874?

According to the instruction that I need to "stop the JRUN admin server",

which I am confuse how to do it or does it apply to server configuration?

Thanks.

snoopy

Report · Sep 14, 2010

Hi Snoopy,

When consol logged in - run TASKMANAGER select the Processes tab (check / tick show all users).

You have a JRUN.EXE (ColdFusion Application service) also present will be JRUNSVC.EXE.

I expect you can highlight and End process JRUNSVC.EXE .

Regards, Carl.

Report · Sep 14, 2010

Thanks. I followed the release notes from update Jrun 4 updater 7, it

mentioned use task manager to end the process but in CVE notes, it mentions

to "stop the Jrun admin server" again so I wonder how. Thanks, that is a

great help.

snoopy

Report · Oct 06, 2010

Just stumbled across this....

To comment on Charlie's observation that jrun.exe -version reports only the JRun major version, try running jrun.exe -info instead to get the build number too.

C:\JRun4\bin>jrun -version
4.0
C:\JRun4\bin>jrun.exe -info
108795
4.0
Sun Microsystems Inc. 14.0-b16 Java HotSpot(TM) 64-Bit Server VM

See also my old blog entry on how to find the CF, JRun, and wsconfig version and build numbers programmatically too:

Build Number Reference

Report · Oct 06, 2010

Hey Steven, thanks for the addition. I'd not mentioned it because he was originally interested in seeing if any hotfixes or CHFs were applied, and I noticed that -info didn't offer that. Are you by any chance aware of any way (other than looking in directories) to confirm if HFs/CHFs have been applied?

/charlie

/Charlie (troubleshooter, carehart. org)

Report · Oct 06, 2010

Charlie, normally I examine the CF Admin Settings Summary page for Update

Level and CF Server Java Class Path. The CHF jars and other hotfix jar

files will show up there. Not all hotfixes are jar files though, and

require replacing CFIDE code or such, so that can't be determined this way.

Report · Oct 06, 2010

Sure, but to be clear, he was asking about JRun hotfixes only. I don't know that they would show up in the CF Admin Summary Settings, do you?

/charlie

/Charlie (troubleshooter, carehart. org)

Report · Sep 10, 2010

jrun 4 powers all flavors of coldfusion. since it doesn't really exist as a

separate product anymore, all you really need to care about is the cf and

patch/hotfix versions.