The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1817 advisory.

  - OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

  - OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)     (CVE-2019-2762)

  - OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)     (CVE-2019-2769)

  - OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

  - OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

  - OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)

  - OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678)     (CVE-2019-2821)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

CentOS 8 : java-11-openjdk (CESA-2019:1817)

medium Nessus Plugin ID 145663

Version 1.7