VID |
50105 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 111, 7 Update 121, or 6 Update 131. It is therefore affected by multiple vulnerabilities:
- An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542)
- An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554)
- An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556)
- An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568)
- Multiple unspecified flaws exist in the Hotspot subcomponent that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5573, CVE-2016-5582)
- An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5597)
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. Without such an account the check is not performed, which results in a false negative for every vulnerable host.
* References:
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
- http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
- http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
* Platforms Affected: Oracle Java JDK and JRE prior to 8 Update 111; Microsoft Windows, any version |
Recommendation |
Update to JDK / JRE 8 Update 111 or later and, if necessary, remove any affected versions: http://www.java.com/en/ |
Related URL |
CVE-2016-5542,CVE-2016-5554,CVE-2016-5556,CVE-2016-5568,CVE-2016-5573,CVE-2016-5582,CVE-2016-5597 (CVE) |
Related URL |
93618,93621,93623,93628,93636,93637,93643 (SecurityFocus) |