The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components :

  - Concurrency. A difficult to exploit vulnerability allows     an unauthenticated attacker with network access via     multiple protocols to compromise Java SE (CVE-2018-2952)

  - Deployment. A difficult to exploit vulnerability allows     an unauthenticated attacker with network access via     multiple protocols to compromise Java SE (CVE-2018-2964)

  - JSSE. A difficult to exploit vulnerability allows     an unauthenticated attacker with network access via     multiple protocols to compromise Java SE (CVE-2018-2973)

  - Java DB. A difficult to exploit vulnerability allows an     unauthenticated attacker with network access via     multiple protocols to compromise Java SE. (CVE-2018-2938)

  - JavaFX. A difficult to exploit vulnerability allows an     unauthenticated attacker with network access via     multiple protocols to compromise Java SE. (CVE-2018-2941)

  - Libraries. An easily exploitable vulnerability allows     an unauthenticated attacker with network access via     multiple protocols to compromise Java SE. (CVE-2018-2940)

  - Security. A difficult to exploit vulnerability allows     an unauthenticated attacker with network access via     multiple protocols to compromise Java SE (CVE-2018-2972)

  - Windows DLL. A difficult to exploit vulnerability allows     an unauthenticated attacker with network access via     multiple protocols to compromise Java SE (CVE-2018-2942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)

critical Nessus Plugin ID 111163

Version 1.8

Version 1.7

Version 1.8 Jan 27, 2025, 7:07 AM CVSSv3 score source (changed from "CVE-2018-2938" to none) Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202501270707
Version 1.7 Dec 19, 2024, 8:55 PM Logic Changes (updated plugin format) Plugin Feed: 202412192055