VID | 50381 |
Severity | 40 |
Port | 139,445 |
Protocol | TCP |
Class | SMB |
Detailed Description |
The version of Azul Zulu installed on the remote host is earlier than the fixed release for its branch (6 < 6.47 / 7 < 7.53.0.16 / 8 < 8.61.0.18 / 11 < 11.55.18 / 13 < 13.47.16 / 15 < 15.39.16 / 17 < 17.33.16 / 18 < 18.30.12). It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-04-19 advisory.
- zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)
- xml/jaxp (CVE-2022-21426)
- core-libs/java.lang (CVE-2022-21434)
- security-libs/java.security (CVE-2022-21443, CVE-2022-21449, CVE-2022-21476)
- core-libs/javax.naming (CVE-2022-21496)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. Without such an account the check is not performed, which results in a false negative for all vulnerable hosts.
* References: https://docs.azul.com/core/zulu-openjdk/release-notes/april-2022
* Platforms Affected: Zulu Java JDK and JRE prior to 17.33.16; Microsoft Windows, any version |
Recommendation |
Update to Zulu JDK / JRE 17.33.16 or later and, if necessary, remove any affected versions: https://www.azul.com/downloads/ |
Related URL | CVE-2018-25032, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496 (CVE) |