| VID |
50228 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components :
- An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212)
- An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426)
- An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449)
- An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
* Platforms Affected:
Oracle Java JDK and JRE prior to 8 Update 201
Microsoft Windows Any version |
| Recommendation |
Update to JDK / JRE 8 Update 201 or later and remove if necessary any affected versions
http://www.java.com/en/ |
| Related URL |
CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 (CVE) |
| Related URL |
106583,106590,106596,106597 (SecurityFocus) |
| Related URL |
(ISS) |
|
