The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities:

  - Unspecified vulnerabilities in the utilities and JCE     subcomponents of Oracle Java SE, which could allow an     unauthenticated remote attacker to cause a partial denial     of service. (CVE-2019-2762, CVE-2019-2769, CVE-2019-2842)

  - An unspecified vulnerability in the security subcomponent     of Oracle Java SE, which could allow an unauthenticated     local attacker to gain unauthorized access to critical Java     SE data. (CVE-2019-2745)

  - Unspecified vulnerabilities in the networking and security     subcomponents of Oracle Java SE, which could allow an     unauthenticated remote attacker to gain unauthorized     access to Java SE data. Exploitation of this vulnerability     requires user interaction.     (CVE-2019-2766, CVE-2019-2786, CVE-2019-2818)

  - An unspecified vulnerability in the networking subcomponent     of Oracle Java SE, which could allow an unauthenticated     remote attacker unauthorized read, update, insert or     delete access to Java SE data. (CVE-2019-2816)

  - An unspecified vulnerability in the JSSE subcomponent of     Oracle Java SE, which could allow an unauthenticated,     remote attacker to gain unauthorized access to critical     Java SE data. Exploitation of this vulnerability requires     user interaction. (CVE-2019-2821)

  - A use after free vulnerability exists in the libpng     subcomponent of Oracle Java SE. An unauthenticated,     remote attacker can exploit this to cause a complete     denial of service condition in Java SE. Exploitation     of this vulnerability requires user interaction.
    (CVE-2019-7317)

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)

medium Nessus Plugin ID 126821

Version 1.7

Version 1.6

Version 1.5

Version 1.7 Dec 20, 2024, 5:52 PM Logic Changes (update plugin format) Plugin Feed: 202412201752
Version 1.6 May 9, 2024, 7:40 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202405090740
Version 1.5 Dec 6, 2022, 6:51 PM Reference Plugin Feed: 202212061851