VID 50229
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, or 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components:

- A divide-by-zero error in libjpeg 9a could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212)

- An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426)

- An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449)

- An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422)

* Note: This check requires an account with administrative privileges that can log into the host being scanned. Without such an account, the check is not performed, which results in a false negative for all vulnerable hosts.

* References:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

* Platforms Affected:
Oracle Java JDK and JRE prior to 11 Update 2
Microsoft Windows Any version
Recommendation Update to JDK / JRE 11 Update 2 or later and, if necessary, remove any affected versions.
http://www.java.com/en/
Related URL CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 (CVE)
Related URL 106583,106590,106596,106597 (SecurityFocus)