VID |
50290 |
Severity |
30 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle Java SE or Java for Business installed on the remote host is prior to 11 Update 6. It is, therefore, affected by multiple vulnerabilities:
- Oracle Java SE and Java SE Embedded are prone to a severe division by zero over multiple protocols. This issue affects the 'SQLite' component. (CVE-2019-16168)
- Oracle Java SE and Java SE Embedded are prone to a format string vulnerability, leading to a read of uninitialized stack data over multiple protocols. This issue affects the 'libxslt' component. (CVE-2019-13117, CVE-2019-13118)
- Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over the 'Kerberos' protocol. This issue affects the 'Security' component. (CVE-2020-2601, CVE-2020-2590)
- Oracle Java SE/Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Serialization' component. (CVE-2020-2604, CVE-2020-2583)
- Oracle Java SE/Java SE Embedded are prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Networking' component. (CVE-2020-2593, CVE-2020-2659)
- Oracle Java SE is prone to a remote security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'Libraries' component. (CVE-2020-2654)
- Oracle Java SE is prone to a multiple security vulnerability. An unauthenticated remote attacker can exploit this over multiple protocols. This issue affects the 'JavaFX' component. (CVE-2020-2585)
- Oracle Java SE is prone to a multiple security vulnerability. An unauthenticated remote attacker can exploit this over the 'HTTPS' protocol. This issue affects the 'JSSE' component. (CVE-2020-2655)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If this condition is not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.
* References: https://www.oracle.com/security-alerts/cpujan2020.html
* Platforms Affected: Oracle Java JDK and JRE prior to 11 Update 6; Microsoft Windows, any version |
Recommendation |
Update to JDK / JRE 11 Update 6 or later and, if necessary, remove any affected versions: http://www.java.com/en/ |
Related URL |
CVE-2019-13117,CVE-2019-13118,CVE-2019-16168,CVE-2020-2583,CVE-2020-2585,CVE-2020-2590,CVE-2020-2593,CVE-2020-2601,CVE-2020-2604,CVE-2020-2654 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|