Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)

critical Nessus Plugin ID 73570

Synopsis

The remote Windows host contains a programming platform that is potentially affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65. It is, therefore, potentially affected by security issues in the following components :

- 2D
- AWT
- Deployment
- Hotspot
- JAX-WS
- JAXB
- JAXP
- JNDI
- JavaFX
- Javadoc
- Libraries
- Scripting
- Security
- Sound

Solution

Update to JDK / JRE 8 Update 5, 7 Update 55, 6 Update 75, or 5 Update 65 or later and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 5 Update 65 or later or 6 Update 75 or later.

See Also

http://www.nessus.org/u?726f7054

http://www.nessus.org/u?84f3023c

http://www.nessus.org/u?1e3ee66a

http://www.nessus.org/u?39cb260f

http://www.nessus.org/u?f65f6f6e

Plugin Details

Severity: Critical

ID: 73570

File Name: oracle_java_cpu_apr_2014.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 4/16/2014

Updated: 12/19/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-0429

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jdk, cpe:/a:oracle:jre

Required KB Items: installed_sw/Java

Exploit Ease: No known exploits are available

Patch Publication Date: 4/15/2014

Vulnerability Publication Date: 4/15/2014

Reference Information

CVE: CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428

BID: 63676, 65568, 66856, 66866, 66873, 66877, 66879, 66881, 66883, 66887, 66891, 66893, 66894, 66898, 66899, 66902, 66903, 66905, 66909, 66910, 66914, 66916, 66917, 66918, 66920, 64493, 66870, 66907, 66911, 66915, 66919, 66904, 66886, 66897, 66908, 66912, 66913