The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0161 advisory.

    [1:17.0.2.0.8-4]
    - Fix FIPS issues in native code and with initialisation of java.security.Security
    - Related: rhbz#2039366

    [1:17.0.2.0.8-3]
    - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and     @JAVA_SPEC_VER@
    - Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
    - Related: rhbz#2039366

    [1:17.0.2.0.8-2]
    - Sync desktop files with upstream IcedTea release 3.15.0 using new script
    - Related: rhbz#2039366

    [1:17.0.2.0.8-1]
    - January 2022 security update to jdk 17.0.2+8
    - Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
    - Rename libsvml.so to libjsvml.so following JDK-8276025
    - ** This tarball is embargoed until 2022-01-18 @ 1pm PT. **
    - Resolves: rhbz#2039366

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 8 : java-17-openjdk (ELSA-2022-0161)

medium Nessus Plugin ID 156910

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Oct 22, 2024, 6:42 PM CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata CVSS metrics ("Cvssv4 score" set to 0.0) Plugin Feed: 202410221842
Version 1.5 Apr 10, 2024, 1:52 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202404101352
Version 1.4 Nov 21, 2023, 1:14 AM CVSSv2 score source (changed from "CVE-2022-21291" to "CVE-2022-21305") Plugin Feed: 202311210114