VID |
50009 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34 and is potentially affected by security issues in the following components:
- 2D
- AWT
- Deployment
- Deserialization
- Hotspot
- Java Runtime Environment
- JAXWS
- JSSE
- Networking
- RMI
- Scripting
- Sound
- Swing
* Note: This check solely relied on the version number of the remote Oracle Database server to assess this vulnerability, so this might be a false positive.
* References:
  - http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
  - https://nealpoole.com/blog/2011/10/java-applet-same-origin-policy-bypass-via-http-redirect/
  - https://nealpoole.com/blog/2011/10/java-deployment-toolkit-plugin-does-not-validate-installer-executable/
* Platforms Affected:
  - JDK and JRE 7
  - JDK and JRE 6 Update 27 and earlier
  - JDK and JRE 5.0 Update 31 and earlier
  - SDK and JRE 1.4.2_33 and earlier
  - JavaFX 2.0
  - JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)
  - Microsoft Windows Any version
  - Linux Any version
  - Unix Any version |
Recommendation |
Oracle has released a Critical Patch Update to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Java SE Critical Patch Update Advisory dated Oct 2011 at http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#PatchTable |
Related URL |
CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550 (CVE) |
Related URL |
50118,50211,50215,50216,50218,50220,50223,50224,50226,50229,50231,50234,50236,50237,50239,50242,50243,50246,50248,50250 (SecurityFocus) |
Related URL |
(ISS) |
|