The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7012 advisory.

    The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java     Software Development Kit.

    Security Fix(es):

    * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618)

    * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626)

    * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628)

    * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619)

    * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624)

    * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [rhel-8] (BZ#2131863)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : java-11-openjdk (RHSA-2022:7012)

medium Nessus Plugin ID 166281

Version 1.8