VID 50269
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 11 Update 4. It is, therefore, affected by multiple vulnerabilities:

- Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to cause a partial denial of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)

- An unspecified vulnerability in the security subcomponent of Oracle Java SE, which could allow an unauthenticated local attacker to gain unauthorized access to critical Java SE data. (CVE-2019-2745)

- Unspecified vulnerabilities in the networking and security subcomponents of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized access to Java SE data. Exploitation of these vulnerabilities requires user interaction. (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)

- An unspecified vulnerability in the networking subcomponent of Oracle Java SE, which could allow an unauthenticated remote attacker to gain unauthorized read, update, insert or delete access to Java SE data. (CVE-2019-2816)

- An unspecified vulnerability in the JSSE subcomponent of Oracle Java SE, which could allow an unauthenticated, remote attacker to gain unauthorized access to critical Java SE data. Exploitation of this vulnerability requires user interaction. (CVE-2019-2821)

- A use-after-free vulnerability exists in the libpng subcomponent of Oracle Java SE. An unauthenticated, remote attacker can exploit this to cause a complete denial of service condition in Java SE. Exploitation of this vulnerability requires user interaction. (CVE-2019-7317)

* Note: This check requires an account with administrative privileges that can log into the host being scanned. Without such an account, the check is not performed, which results in a false negative for all vulnerable hosts.

* References:
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

* Platforms Affected:
Oracle Java JDK and JRE prior to 11 Update 4
Microsoft Windows Any version
Recommendation Update to JDK / JRE 11 Update 4 or later and, if necessary, remove any affected versions.
http://www.java.com/en/
Related URL CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2818,CVE-2019-2821,CVE-2019-2842,CVE-2019-6129 (CVE)
Related URL 108098,109184,109185,109186,109187,109188,109189,109201,109206,109210,109212 (SecurityFocus)