Korean
<< Back
VID 50376
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Azul Zulu installed on the remote host is prior to 6 < 6.47 / 7 < 7.53.0.16 / 8 < 8.61.0.18 / 11 < 11.55.18 / 13 < 13.47.16 / 15 < 15.39.16 / 17 < 17.33.16 / 18 < 18.30.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-04-19 advisory.

- zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)

- xml/jaxp (CVE-2022-21426)

- core-libs/java.lang (CVE-2022-21434)

- security-libs/java.security (CVE-2022-21443, CVE-2022-21449, CVE-2022-21476)

- core-libs/javax.naming (CVE-2022-21496)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://docs.azul.com/core/zulu-openjdk/release-notes/april-2022

* Platforms Affected:
Zulu Java JDK and JRE prior to 7.53.0.16
Microsoft Windows Any version
Recommendation Update to Zulu JDK / JRE 7.53.0.16 or later and remove if necessary any affected versions
https://www.azul.com/downloads/
Related URL CVE-2018-25032,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)