VID |
50037 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Sun Java JDK / JRE older than 1.7.0_11 is installed on the host. The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is therefore potentially affected by the following security issues:
- An unspecified issue exists in the Libraries component. (CVE-2012-3174)
- An error exists in the 'MBeanInstantiator.findClass' method that could allow remote, arbitrary code execution. (CVE-2013-0422)
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References:
  http://www.zerodayinitiative.com/advisories/ZDI-13-002/
  http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
  http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html
* Platforms Affected: Oracle Java JDK and JRE 7 Update 10 and earlier; Microsoft Windows (any version); Unix (any version); Linux (any version) |
Recommendation |
Update to JDK / JRE 7 Update 11 or later from the following site, and remove any affected versions if necessary. http://www.java.com/en/ |
Related URL |
CVE-2012-3174,CVE-2013-0422 (CVE) |
Related URL |
57246,57312 (SecurityFocus) |