Service Restored at 11:38 a.m., Monday, Jan. 14: Oracle has released an update addressing the Oracle Security Alert for Java. These vulnerabilities may be remotely exploitable without authentication (i.e., they may be exploited over a network without the need for a username and password). To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. The IT Security Office advises applying the update as soon as possible. To learn more, visit the 1/14/13 OIT Security Notice regarding the Java Updates: https://www.colorado.edu/oit/java-update-1-14-2013.
Applying the update will address the issues with campus Juniper Network Connect VPN (located at https://cuvpn.colorado.edu). Once the patch is applied, those who use Macs and those who use Firefox to access the VPN will again be able to connect to it.
Service Issue Reported at 5:45 p.m., Friday, Jan. 11: A security vulnerability in Java 7, that is currently being exploited, has led a number of software providers to disable the Java plug-in. At this time Apple and Mozilla (makers of the Firefox browser) have disabled Java in their software. This directly impacts the campus Juniper Network Connect VPN (located at https://cuvpn.colorado.edu) and as a result, Macs and those who use Firefox to access the VPN are currently unable to connect to it.
Malicious attackers are using the exploits to turn compromised websites into platforms for silently installing malicious software. So using caution when visiting websites is advised. OIT is continuing to investigate this problem in hopes that a workaround can be found for the VPN before Oracle fixes the issue. More information about the vulnerability, workarounds and fixes will be posted here as it becomes available.
Should you have questions, please call the OIT Service Center at 303-735-4357 (5-HELP from a campus phone) The Service Center is available as follow: Monday to Thursday 7:00 a.m. to 10:00 p.m.; Friday, 7:00 a.m. to 7:00 p.m.; and Saturday and Sunday, 12:00 noon to 6:00 p.m.
Service alerts are posted for planned service maintenance and unplanned service outages.
To subscribe to service alerts, log into this website by clicking the "Login to subscribe" link near the top of this service alert. Once logged in, scroll to the bottom of this page and click on the grey (+)Subscribe button to subscribe to all service alert content.
Learn more by visiting OIT's Service Alert Subscription page.