The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.25 / 6.1 < 6.1.8.25 / 7.0 < 7.0.9.40 / 7.1 < 7.1.3.40 / 8.0 < 8.0.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 19 2016 CPU advisory.

  - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote     attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
    (CVE-2016-0686)

  - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote     attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-     component. (CVE-2016-0687)

  - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect     availability via vectors related to 2D. (CVE-2016-3422)

  - Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to     affect confidentiality via vectors related to JCE. (CVE-2016-3426)

  - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit     R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related     to JMX. (CVE-2016-3427)

  - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect     confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is     from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote     attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.
    (CVE-2016-3443)

  - Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect     confidentiality, integrity, and availability via vectors related to Deployment. (CVE-2016-3449)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

IBM Java 6.0 < 6.0.16.25 / 6.1 < 6.1.8.25 / 7.0 < 7.0.9.40 / 7.1 < 7.1.3.40 / 8.0 < 8.0.3.0 Multiple Vulnerabilities (Apr 19, 2016)

critical Nessus Plugin ID 160348

Version 1.5

Version 1.4

Version 1.3

Version 1.5 Jun 28, 2024, 7:16 AM CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2016-3427") Plugin Feed: 202406280716
Version 1.4 May 14, 2023, 12:09 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202305141209
Version 1.3 Oct 25, 2022, 1:57 PM Plugin metadata Plugin Feed: 202210251357