Oracle Java SE 6 < Update 201 / 7 < Update 191 / 8 < Update 181 / 10 < Update 2 Multiple Vulnerabilities (July 2018 CPU)

critical Nessus Network Monitor Plugin ID 700658

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components:

- Concurrency. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2952)

- Deployment. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2964)

- JSSE. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2973)

- Java DB. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2938)

- JavaFX. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2941)

- Libraries. An easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2940)

- Security. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2972)

- Windows DLL. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2942)

Solution

Upgrade to Oracle JDK / JRE 10 Update 2, 8 Update 181, 7 Update 191, 6 Update 201, or later. If necessary, remove any affected versions.

See Also

http://www.nessus.org/u?2fbcacca

http://www.nessus.org/u?726f7054

http://www.nessus.org/u?dbb3b1db

http://www.nessus.org/u?8a11ccea

http://www.nessus.org/u?6c975c0b

Plugin Details

Severity: Critical

ID: 700658

Family: Web Clients

Published: 5/2/2019

Updated: 5/2/2019

Nessus ID: 111163

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 7/17/2018

Vulnerability Publication Date: 7/17/2018

Reference Information

CVE: CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972, CVE-2018-2973

BID: 104768, 104775, 104765, 104780, 104773, 104782, 104774, 104781