The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2696-1 advisory.

    Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data     integrity, and availability. An attacker could exploit these to cause a denial of service or expose     sensitive data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732,     CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)

    Several vulnerabilities were discovered in the cryptographic components of the OpenJDK JRE. An attacker     could exploit these to expose sensitive data over the network. (CVE-2015-2601, CVE-2015-2808,     CVE-2015-4000, CVE-2015-2625, CVE-2015-2613)

    As a security improvement, this update modifies OpenJDK behavior to disable RC4 TLS/SSL cipher suites by     default.

    As a security improvement, this update modifies OpenJDK behavior to reject DH key sizes below 768 bits by     default, preventing a possible downgrade attack.

    Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker     could exploit these to expose sensitive data over the network. (CVE-2015-2621, CVE-2015-2632)

    A vulnerability was discovered with how the JNDI component of the OpenJDK JRE handles DNS resolutions. A     remote attacker could exploit this to cause a denial of service. (CVE-2015-4749)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2696-1)

critical Nessus Plugin ID 85154

Version 2.17

Version 2.16

Version 2.15

Version 2.17 Aug 28, 2024, 11:02 PM CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 severity (based on CVE-2015-4000, severity increased from "Low" to "High") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408282302
Version 2.16 Oct 21, 2023, 9:06 AM CVSSv2 score source (set to "CVE-2015-4760") CVSSv3 score source (set to "CVE-2015-4000") Detection Plugin metadata Plugin Feed: 202310210906
Version 2.15 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101