VID 28294
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 24 / 5.0 Update 28 / 1.4.2_30. Such versions are potentially affected by security issues in the following components:

- Deployment
- HotSpot
- Install
- JAXP
- Java Language
- JDBC
- Launcher
- Networking
- Security
- Sound
- Swing
- XML Digital Signature
- 2D

* Note: This check relies solely on the version number of the remote Oracle Database server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.zerodayinitiative.com/advisories/ZDI-11-082
http://www.zerodayinitiative.com/advisories/ZDI-11-083
http://www.zerodayinitiative.com/advisories/ZDI-11-084
http://www.zerodayinitiative.com/advisories/ZDI-11-085
http://www.zerodayinitiative.com/advisories/ZDI-11-086
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

* Platforms Affected:
JDK/JRE 6 update 25, JDK update 5.0 update 29, SDK 1.4.2_30 or later
Microsoft Windows Any version
Linux Any version
Unix Any version
Recommendation Oracle has released a Critical Patch Update to address these issues. Information on obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update Advisory dated February 2011 at http://blogs.oracle.com/security/2011/02/february_2011_java_se_and_java.html
Related URL CVE-2010-4422,CVE-2010-4447,CVE-2010-4448,CVE-2010-4450,CVE-2010-4451,CVE-2010-4452,CVE-2010-4454,CVE-2010-4462,CVE-2010-4463 (CVE)
Related URL 46091,46386,46387,46388,46391,46393,46394,46395,46397,46398,46399,46400,46402,46403,46404,46405,46406,46407,46409,46410,46411 (SecurityFocus)
Related URL (ISS)