Detections
Analytics
Oracle Java SE 6 < Update 181 / 7 < Update 171 / 8 < Update 161 / 9 < Update 4 Multiple Vulnerabilities (January 2018 CPU)
high Nessus Network Monitor Plugin ID 700656
Synopsis
The remote host is missing a critical Oracle Java SE patch update.Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components :- AWT
- Deployment
- Hotspot
- I18n
- Installer
- JCE
- JGSS
- JMX
- JNDI
- JavaFX
- LDAP
- Libraries
- Serialization
Solution
Upgrade to Oracle JDK / JRE 9 Update 4, 8 Update 161 / 7 Update 171 / 6 Update 181 or later. If necessary, remove any affected versions.See Also
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?29ce2b01
Plugin Details
Severity: High
ID: 700656
Family: Web Clients
Published: 5/2/2019
Updated: 5/2/2019
Nessus ID: 106190
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.3
Temporal Score: 7.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:oracle:java_se
Patch Publication Date: 1/16/2018
Vulnerability Publication Date: 1/16/2018
Reference Information
CVE: CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
BID: 102546, 102556, 102557, 102576, 102584, 102592, 102597, 102605, 102612, 102615, 102625, 102629, 102633, 102636, 102642, 102656, 102659, 102661, 102662, 102663