The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1882 advisory.

    IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM     Java Software Development Kit.

    This update fixes several vulnerabilities in the IBM Java Runtime     Environment and the IBM Java Software Development Kit. Detailed     vulnerability descriptions are linked from the IBM Security alerts     page, listed in the References section. (CVE-2014-3065, CVE-2014-3566,     CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,     CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,     CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,     CVE-2014-6532, CVE-2014-6558)

    The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat     Product Security.

    Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to     address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM     article linked to in the References section for additional details about     this change and instructions on how to re-enable SSL 3.0 support if needed.

    Note: This is the last update for the java-1.7.0-ibm packages distributed     via the Red Hat Enterprise Linux 6 Supplementary channels. The     RHEA-2014:1619 advisory, released as a part of Red Hat Enterprise Linux     6.6, introduced the new java-1.7.1-ibm packages. These packages contain IBM     Java SE version 7 Release 1, which adds multiple enhancements over the IBM     Java SE version 7 in the java-1.7.0-ibm packages. All java-1.7.0-ibm users     must migrate to java-1.7.1-ibm packages to continue receiving updates for     the IBM Java SE version 7 via the Red Hat Enterprise Linux 6 Supplementary     channel.

    All users of java-1.7.0-ibm are advised to upgrade to these updated     packages, containing the IBM Java SE 7 SR8 release. All running instances     of IBM Java must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : java-1.7.0-ibm (RHSA-2014:1882)

low Nessus Plugin ID 79379

Version 1.26

Version 1.25

Version 1.26 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202411051250
Version 1.25 Jun 23, 2023, 2:15 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (set to "CVE-2014-6532") CVSSv3 score source (set to "CVE-2014-3566") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True") Plugin Feed: 202306231415