Detections
Analytics
Oracle Java JRE Unsupported Version Detection (Unix)
critical Nessus Plugin ID 64816
Language:
Synopsis
The remote host contains one or more unsupported versions of the Oracle Java JRE.Description
According to its self-reported version number, at least one installation of Oracle (formerly Sun) Java JRE on the remote host is no longer supported.The underlying detection plugins enumerates Java installations via binary, path and document inspection to ascertain confidence levels.
As Java can be installed in numerous ways, combinations of approaches are leveraged to instill confidence in the detections. It is recommended that Medium and Low confidence results are investigated on a manual basis for confirmation.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Note that Oracle does provide support contracts under the 'Oracle Lifetime Support' program. If the detected JRE is supported under this program, this may be a false positive. This plugin does not flag JRE versions that are still covered under Extended Support.
Solution
Upgrade to a version of Oracle Java JRE that is currently supported.See Also
Plugin Details
Severity: Critical
ID: 64816
File Name: oracle_java_jre_unsupported_unix.nasl
Version: 1.39
Type: local
Agent: unix
Family: Misc.
Published: 2/22/2013
Updated: 6/24/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS Score Rationale: Tenable score for unsupported software.
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: manual
CVSS v3
Risk Factor: Critical
Base Score: 10
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:oracle:jre
Required KB Items: Host/Java/JRE/Installed
Reference Information
IAVA: 0001-A-0575