Oracle Java SE 6 < Update 101 / 7 < Update 85 / 8 < Update 51 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 8918

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The Oracle Java SE installed on the remote host is version 6 prior to Update 101, 7 prior to Update 85, or 8 prior to Update 51 and is affected by multiple vulnerabilities:

- A flaw in the 'ObjectInputStream::readSerialData()' function in 'share/classes/java/io/ObjectInputStream.java' that is triggered when handling OIS data allowing a context-dependent attacker to execute arbitrary code. (CVE-2015-2590)
- An unspecified flaw related to the Hotspot component may allow a context-dependent attacker to have an impact on integrity. (CVE-2015-2596)
- A flaw in the JCE component as various cryptographic operations use non-constant time comparisons allowing a remote attacker to conduct timing attacks in order to possibly glean sensitive information. (CVE-2015-2601)
- A flaw in the 'ECDH_Derive()' function in 'share/native/sun/security/ec/impl/ec.c' related to missing EC parameter validation when performing ECDH key derivation allowing a remote attacker to disclose potentially sensitive information. (CVE-2015-2613)
- An unspecified flaw related to the 2D component may allow a context-dependent attacker to gain access to sensitive information. (CVE-2015-2619)
- A flaw in the 'RMIConnectionImpl' constructor in 'share/classes/javax/management/remote/rmi/RMIConnectionImpl.java'. The issue is triggered due to improper permission checks when creating repository class loaders allowing a context-dependent attacker to bypass sandbox restrictions and disclose sensitive information. (CVE-2015-2621)
- A flaw in the JSSE component that is triggered when performing X.509 certificate identity checks allowing a remote attacker to have a certificate for another domain being accepted as valid. (CVE-2015-2625)
- An unspecified flaw related to the Install component allowing a remote attacker to gain access to sensitive information. (CVE-2015-2627)
- A typecasting flaw in 'share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java' that is triggered when handling IIOP operations allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-2628)
- International Components for Unicode for C/C++ (ICU4C) contains an integer overflow condition in the 'LETableReference::verifyLength()' function in 'layout/LETableReference.h'. With a specially crafted font, a context-dependent attacker can crash an application linked against the library or potentially disclose memory contents. (CVE-2015-2632)
- An unspecified flaw related to the 2D component allowing a context-dependent attacker to gain access to sensitive information. (CVE-2015-2637)
- An unspecified flaw related to the 2D component allowing a context-dependent attacker to execute arbitrary code. (CVE-2015-2638)
- A NULL pointer dereference flaw in 'share/classes/com/sun/crypto/provider/GCTR.java' related to the GCM (Galois Counter Mode) implementation. The issue is triggered when performing encryption using a block cipher in GCM mode and may allow a remote attacker to cause a crash. (CVE-2015-2659)
- An unspecified flaw in the Deployment component allowing a local attacker to gain elevated privileges. (CVE-2015-2664)
- An unspecified flaw related to the Deployment component may allow a remote attacker to have an impact on confidentiality and integrity. (CVE-2015-4729)
- A flaw in 'share/classes/javax/management/MBeanServerInvocationHandler.java' is triggered when handling MBean connection proxy classes allowing a context-dependent attacker to bypass sandbox restrictions and potentially execute arbitrary code. (CVE-2015-4731)
- A flaw in 'share/classes/java/io/ObjectInputStream.java' and 'share/classes/java/io/SerialCallbackContext.java' related to insufficient context checks allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-4732)
- A flaw in the 'RemoteObjectInvocationHandler::invoke()' function in 'share/classes/java/rmi/server/RemoteObjectInvocationHandler.java'. The issue is triggered as calls to the finalize() method are permitted allowing a context-dependent attacker to bypass sandbox protections and potentially execute arbitrary code. (CVE-2015-4733)
- An unspecified flaw related to the Deployment component may allow a context-dependent attacker to execute arbitrary code. (CVE-2015-4736)
- A flaw that is triggered when handling Online Certificate Status Protocol (OCSP) responses with no 'nextUpdate' date specified allowing a remote attacker to cause an application to accept a revoked X.509 certificate. (CVE-2015-4748)
- A flaw in the 'DnsClient::query()' function in 'share/classes/com/sun/jndi/dns/DnsClient.java'. The issue is triggered as JNDI DnsClient's exception handling fails to release request information allowing a remote attacker to exhaust memory resources and cause a denial of service. (CVE-2015-4749)
-International Components for Unicode for C/C++ (ICU4C) contains overflow conditions in the layout engine. With a specially crafted font, a context-dependent attacker can cause a buffer overflow, crashing an application linked against the library or potentially allowing execution of arbitrary code. (CVE-2015-4760)

Solution

Update to Oracle Java SE 6 Update 101 / 7 Update 85 / 8 Update 51 or later.

See Also

http://www.oracle.com/technetwork/java/javase/overview-156328.html

http://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html

http://www.oracle.com/technetwork/java/javase/8u51-relnotes-2587590.html

Plugin Details

Severity: Critical

ID: 8918

Family: Web Clients

Published: 9/30/2015

Updated: 3/6/2019

Nessus ID: 84824, 84825

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 7/14/2015

Vulnerability Publication Date: 2/5/2015

Reference Information

CVE: CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

BID: 75784, 75796, 75812, 75818, 75823, 75832, 75833, 75850, 75854, 75856, 75857, 75861, 75867, 75871, 75874, 75877, 75881, 75883, 75887, 75890, 75892, 75893, 75895