VID |
50229 |
Severity |
30 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 211, 8 Update 201, 11 Update 2. It is, therefore, affected by multiple vulnerabilities related to the following components :
- An issue in libjpeg 9a, a divide-by-zero error, could allow remote attackers to cause a denial of service condition via a crafted file. (CVE-2018-11212)
- An unspecified vulnerability in Oracle Java SE in the Networking subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2426)
- An unspecified vulnerability in Oracle Java SE in the Deployment subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2449)
- An unspecified vulnerability in Oracle Java SE in the Libraries subcomponent could allow an unauthenticated, remote attacker with network access via multiple protocols to compromise Java SE. (CVE-2019-2422)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
* Platforms Affected: Oracle Java JDK and JRE prior to 11 Update 2 Microsoft Windows Any version |
Recommendation |
Update to JDK / JRE 11 Update 2 or later and remove if necessary any affected versions http://www.java.com/en/ |
Related URL |
CVE-2018-11212,CVE-2019-2422,CVE-2019-2426,CVE-2019-2449 (CVE) |
Related URL |
106583,106590,106596,106597 (SecurityFocus) |
Related URL |
(ISS) |
|