| VID |
50153 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4. It is, therefore, affected by multiple vulnerabilities related to the following components :
- AWT
- Deployment
- Hotspot
- I18n
- Installer
- JCE
- JGSS
- JMX
- JNDI
- JavaFX
- LDAP
- Libraries
- Serialization
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA
http://www.oracle.com/technetwork/java/javase/9-0-4-relnotes-4021191.html
http://www.oracle.com/technetwork/java/javase/8u162-relnotes-4021436.html
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html
* Platforms Affected:
Oracle Java JDK and JRE prior to 9 Update 4
Microsoft Windows Any version |
| Recommendation |
Update to JDK / JRE 9 Update 4 or later and remove if necessary any affected versions
http://www.java.com/en/ |
| Related URL |
CVE-2018-2579,CVE-2018-2581,CVE-2018-2582,CVE-2018-2588,CVE-2018-2599,CVE-2018-2602,CVE-2018-2603,CVE-2018-2618,CVE-2018-2627,CVE-2018-2629 (CVE) |
| Related URL |
102546,102556,102557,102576,102584,102592,102597,102605,102612,102615,102625,102629,102633,102636,102642,102656,102659,102661,102662,102663 (SecurityFocus) |
| Related URL |
(ISS) |
|
