{"id":9886,"date":"2022-01-11T09:57:10","date_gmt":"2022-01-11T17:57:10","guid":{"rendered":"https:\/\/minisoft.com\/support\/?p=9886"},"modified":"2022-01-21T09:40:28","modified_gmt":"2022-01-21T17:40:28","slug":"jndi-vulnerability-in-h2-database-consoles","status":"publish","type":"post","link":"https:\/\/www.minisoft.com\/support\/jndi-vulnerability-in-h2-database-consoles\/","title":{"rendered":"JNDI vulnerability in H2 database consoles"},"content":{"rendered":"\n<p>A JNDI-based vulnerability <a href=\"\/support\/index.php\/log4j\/\" data-type=\"post\">similar to Log4j<\/a> has <a href=\"https:\/\/www.zdnet.com\/google-amp\/article\/jfrog-researchers-find-jndi-vulnerability-in-h2-database-consoles-similar-to-log4shell\/\">been reported<\/a> in <a href=\"\/support\/index.php\/h2-database\/\">the H2 database console<\/a>. <\/p>\n\n\n\n<p>The .jar file in question is used in some eFORMz implementations. There are several ways to mitigate this vulnerability:<\/p>\n\n\n\n<ul><li>Do not open unnecessary TCP ports to the internet.<\/li><li>Remove the H2 jar file if present and not used.<\/li><li>Update to the latest h2 (<a href=\"http:\/\/www.h2database.com\/html\/download.html\">http:\/\/www.h2database.com\/html\/download.html<\/a>) 2.0.206<\/li><li>Ensure your settings do not start unused features.<\/li><\/ul>\n\n\n\n<p>Please contact Minisoft Support (<a href=\"mailto:support@minisoft.com\">support@minisoft.com<\/a>) to schedule a checkup.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Upgrading the database<\/h2>\n\n\n\n<p>To upgrade the database, back it up with the old version and restore it with the new version. 
For more information: <a href=\"http:\/\/www.h2database.com\/html\/tutorial.html#upgrade_backup_restore\">http:\/\/www.h2database.com\/html\/tutorial.html#upgrade_backup_restore<\/a><\/p>\n\n\n\n<p>If you replace the h2 jar file without doing an upgrade to the database, you get the following message when connecting in the console or Composer:<\/p>\n\n\n\n<p>General error: &#8220;The write format 1 is smaller than the supported format 2 [2.1.210\/5]&#8221; [50000-210]\u00a0HY000\/50000\u00a0<a href=\"https:\/\/h2database.com\/javadoc\/org\/h2\/api\/ErrorCode.html#c50000\">(Help)<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade.png\"><img decoding=\"async\" loading=\"lazy\" width=\"490\" height=\"138\" src=\"https:\/\/minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade.png\" alt=\"\" class=\"wp-image-9899\" srcset=\"https:\/\/www.minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade.png 490w, https:\/\/www.minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade-300x84.png 300w, https:\/\/www.minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade-150x42.png 150w\" sizes=\"(max-width: 490px) 100vw, 490px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade2.png\"><img decoding=\"async\" loading=\"lazy\" width=\"691\" height=\"425\" src=\"https:\/\/minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade2.png\" alt=\"\" class=\"wp-image-9900\" srcset=\"https:\/\/www.minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade2.png 691w, https:\/\/www.minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade2-300x185.png 300w, https:\/\/www.minisoft.com\/support\/wp-content\/uploads\/2022\/01\/h2_upgrade2-150x92.png 150w\" sizes=\"(max-width: 691px) 100vw, 691px\" 
\/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability similar to Log4j has been reported, a JNDI-based vulnerability in the H2 database console. The .jar file in question is used in some eFORMz implementations. There are several ways to mitigate this vulnerability: Do not open unnecessary TCP ports to the internet. Remove the H2 jar file if present and not used. Update [&hellip;]<\/p>\n","protected":false},"author":75,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[208],"tags":[645,646,30,753,739,738],"_links":{"self":[{"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/posts\/9886"}],"collection":[{"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/users\/75"}],"replies":[{"embeddable":true,"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/comments?post=9886"}],"version-history":[{"count":4,"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/posts\/9886\/revisions"}],"predecessor-version":[{"id":9903,"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/posts\/9886\/revisions\/9903"}],"wp:attachment":[{"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/media?parent=9886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/categories?post=9886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.minisoft.com\/support\/wp-json\/wp\/v2\/tags?post=9886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}