VID 28300
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 26 / 5.0 Update 30 / 1.4.2_32. Such versions are potentially affected by security issues in the following components:

- AWT
- Deployment
- Deserialization
- Hotspot
- Java Runtime Environment
- Networking
- NIO
- SAAJ
- Sound
- Swing

* Note: This check relies solely on the version number of the remote Oracle Database server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
http://www.zerodayinitiative.com/advisories/ZDI-11-182/
http://www.zerodayinitiative.com/advisories/ZDI-11-183/
http://www.zerodayinitiative.com/advisories/ZDI-11-184/
http://www.zerodayinitiative.com/advisories/ZDI-11-185/
http://www.zerodayinitiative.com/advisories/ZDI-11-186/
http://www.zerodayinitiative.com/advisories/ZDI-11-187/
http://www.zerodayinitiative.com/advisories/ZDI-11-188/
http://www.zerodayinitiative.com/advisories/ZDI-11-189/
http://www.zerodayinitiative.com/advisories/ZDI-11-190/
http://www.zerodayinitiative.com/advisories/ZDI-11-191/
http://www.zerodayinitiative.com/advisories/ZDI-11-192/
http://www.securityfocus.com/archive/1/518303/30/0/threaded
http://www.securityfocus.com/archive/1/518304/30/0/threaded
http://www.securityfocus.com/archive/1/518307/30/0/threaded
http://www.securityfocus.com/archive/1/518305/30/0/threaded
http://www.securityfocus.com/archive/1/518306/30/0/threaded
http://www.securityfocus.com/archive/1/518309/30/0/threaded
http://www.securityfocus.com/archive/1/518308/30/0/threaded
http://www.securityfocus.com/archive/1/518315/30/0/threaded
http://www.securityfocus.com/archive/1/518313/30/0/threaded
http://www.securityfocus.com/archive/1/518312/30/0/threaded
http://www.securityfocus.com/archive/1/518311/30/0/threaded

* Platforms Affected:
JDK/JRE 6 update 26, JDK update 5.0 update 30, SDK 1.4.2_32 or later
Microsoft Windows Any version
Linux Any version
Unix Any version
Recommendation Oracle has released a Critical Patch Update to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update Advisory dated June 2011 at http://blogs.oracle.com/security/2011/06/june_2011_java_se_and_java.html
Related URL CVE-2011-0786,CVE-2011-0788,CVE-2011-0802,CVE-2011-0814,CVE-2011-0815,CVE-2011-0817,CVE-2011-0862,CVE-2011-0863,CVE-2011-0864 (CVE)
Related URL 48133,48134,48135,48136,48137,48138,48139,48140,48141,48142,48143,48144,48145,48146,48147,48148,48149 (SecurityFocus)