VID |
50058 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 51. That version is potentially affected by disclosing certain sensitive information, gaining escalated privileges, manipulating certain data, bypassing certain security restrictions, causing Denial of Service in the following components :
- 2D - AWT - CORBA - Deployment - Hotspot - Install - JDBC - JMX - Libraries - Networking - Serialization - Serviceability - Sound
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html http://www.zerodayinitiative.com/advisories/ZDI-13-132/ http://www.zerodayinitiative.com/advisories/ZDI-13-151/ http://www.zerodayinitiative.com/advisories/ZDI-13-152/ http://www.zerodayinitiative.com/advisories/ZDI-13-153/ http://www.zerodayinitiative.com/advisories/ZDI-13-154/ http://www.zerodayinitiative.com/advisories/ZDI-13-155/ http://www.zerodayinitiative.com/advisories/ZDI-13-156/ http://www.zerodayinitiative.com/advisories/ZDI-13-157/ http://www.zerodayinitiative.com/advisories/ZDI-13-158/ http://www.zerodayinitiative.com/advisories/ZDI-13-159/ http://www.zerodayinitiative.com/advisories/ZDI-13-160/
* Platforms Affected: Oracle Java JDK and JRE prior to 6 Update 51 Microsoft Windows Any version |
Recommendation |
Update to JDK / JRE 6 Update 51 or later and remove if necessary any affected versions http://www.java.com/en/ |
Related URL |
CVE-2013-1500,CVE-2013-1571,CVE-2013-2400,CVE-2013-2407,CVE-2013-2412,CVE-2013-2437,CVE-2013-2442,CVE-2013-2443,CVE-2013-2444,CVE-2013-2445 (CVE) |
Related URL |
60617,60618,60619,60620,60621,60622,60623,60624,60625,60626,60627,60629,60630,60631,60632,60633,60634,60635,60636,60637,60638,60639,60640 (SecurityFocus) |
Related URL |
(ISS) |
|