Korean
<< Back
VID 50267
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231. It is, therefore, affected by multiple vulnerabilities:

- Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)

- An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745)

- Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)

- An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816)

- An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821)

- A use after free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction.
(CVE-2019-7317)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

* Platforms Affected:
Oracle Java JDK and JRE prior to 7 Update 231
Microsoft Windows Any version
Recommendation Update to JDK / JRE 7 Update 231 or later and remove if necessary any affected versions
http://www.java.com/en/
Related URL CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2818,CVE-2019-2821,CVE-2019-2842,CVE-2019-6129 (CVE)
Related URL 108098,109184,109185,109186,109187,109188,109189,109201,109206,109210,109212 (SecurityFocus)
Related URL (ISS)