VID |
50059 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 25. Such versions are potentially affected by vulnerabilities that could allow disclosure of certain sensitive information, escalation of privileges, manipulation of certain data, bypass of certain security restrictions, or denial of service in the following components:
- 2D
- AWT
- CORBA
- Deployment
- Hotspot
- Install
- JDBC
- JMX
- Libraries
- Networking
- Serialization
- Serviceability
- Sound
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
  - http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
  - http://www.zerodayinitiative.com/advisories/ZDI-13-132/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-151/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-152/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-153/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-154/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-155/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-156/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-157/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-158/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-159/
  - http://www.zerodayinitiative.com/advisories/ZDI-13-160/
* Platforms Affected:
  - Oracle Java JDK and JRE prior to 7 Update 25
  - Microsoft Windows, any version |
Recommendation |
Update to JDK / JRE 7 Update 25 or later and, if necessary, remove any affected versions: http://www.java.com/en/ |
Related URL |
CVE-2013-1500,CVE-2013-1571,CVE-2013-2400,CVE-2013-2407,CVE-2013-2412,CVE-2013-2437,CVE-2013-2442,CVE-2013-2443,CVE-2013-2444,CVE-2013-2445 (CVE) |
Related URL |
60617,60618,60619,60620,60621,60622,60623,60624,60625,60626,60627,60629,60630,60631,60632,60633,60634,60635,60636,60637,60638,60639,60640 (SecurityFocus) |
Related URL |
(ISS) |
|