Oracle Java JRE Unsupported Version Detection (Unix)

critical Nessus Plugin ID 64816

Synopsis

The remote host contains one or more unsupported versions of the Oracle Java JRE.

Description

According to its self-reported version number, at least one installation of Oracle (formerly Sun) Java JRE on the remote host is no longer supported.

The underlying detection plugins enumerates Java installations via binary, path and document inspection to ascertain confidence levels.
As Java can be installed in numerous ways, combinations of approaches are leveraged to instill confidence in the detections. It is recommended that Medium and Low confidence results are investigated on a manual basis for confirmation.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Note that Oracle does provide support contracts under the 'Oracle Lifetime Support' program. If the detected JRE is supported under this program, this may be a false positive. This plugin does not flag JRE versions that are still covered under Extended Support.

Solution

Upgrade to a version of Oracle Java JRE that is currently supported.

See Also

http://www.nessus.org/u?236bc258

https://www.oracle.com/support/lifetime-support/

Plugin Details

Severity: Critical

ID: 64816

File Name: oracle_java_jre_unsupported_unix.nasl

Version: 1.39

Type: local

Agent: unix

Family: Misc.

Published: 2/22/2013

Updated: 6/24/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Tenable score for unsupported software.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: Host/Java/JRE/Installed

Reference Information

IAVA: 0001-A-0575