The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1242 advisory.

    Oracle Java SE version 7 includes the Oracle Java Runtime Environment and     the Oracle Java Software Development Kit.

    This update fixes several vulnerabilities in the Oracle Java Runtime     Environment and the Oracle Java Software Development Kit. Further     information about these flaws can be found on the Oracle Java SE Critical     Patch Update Advisory page, listed in the References section.
    (CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619,     CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632,     CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000,     CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736,     CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

    Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites     by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla     bug 1207101, linked to in the References section, for additional details     about this change.

    Note: This update forces the TLS/SSL client implementation in Oracle JDK to     reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
    Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,     for additional details about this change.

    All users of java-1.7.0-oracle are advised to upgrade to these updated     packages, which provide Oracle Java 7 Update 85 and resolve these issues.
    All running instances of Oracle Java must be restarted for the update to     take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : java-1.7.0-oracle (RHSA-2015:1242)

critical Nessus Plugin ID 84872

Version 2.21

Version 2.20

Version 2.19

Version 2.21 Nov 5, 2024, 12:50 PM CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 severity (based on CVE-2015-4000, severity increased from "Low" to "High") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202411051250
Version 2.20 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311
Version 2.19 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101