Oracle Java SE Multiple Vulnerabilities (June 2011 CPU) (Unix)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Unix host contains a programming platform that is affected
by multiple vulnerabilities.

Description :

The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is earlier than 6 Update 26 / 5.0 Update
30 / 1.4.2_32. Such versions are potentially affected by security
issues in the following components :

- AWT
- Deployment
- Deserialization
- Hotspot
- Java Runtime Environment
- Networking
- NIO
- SAAJ
- Sound
- Swing

See also :

http://www.nessus.org/u?8569058d
http://www.zerodayinitiative.com/advisories/ZDI-11-182/
http://www.zerodayinitiative.com/advisories/ZDI-11-183/
http://www.zerodayinitiative.com/advisories/ZDI-11-184/
http://www.zerodayinitiative.com/advisories/ZDI-11-185/
http://www.zerodayinitiative.com/advisories/ZDI-11-186/
http://www.zerodayinitiative.com/advisories/ZDI-11-187/
http://www.zerodayinitiative.com/advisories/ZDI-11-188/
http://www.zerodayinitiative.com/advisories/ZDI-11-189/
http://www.zerodayinitiative.com/advisories/ZDI-11-190/
http://www.zerodayinitiative.com/advisories/ZDI-11-191/
http://www.zerodayinitiative.com/advisories/ZDI-11-192/
http://www.securityfocus.com/archive/1/518303/30/0/threaded
http://www.securityfocus.com/archive/1/518304/30/0/threaded
http://www.securityfocus.com/archive/1/518307/30/0/threaded
http://www.securityfocus.com/archive/1/518305/30/0/threaded
http://www.securityfocus.com/archive/1/518306/30/0/threaded
http://www.securityfocus.com/archive/1/518309/30/0/threaded
http://www.securityfocus.com/archive/1/518308/30/0/threaded
http://www.securityfocus.com/archive/1/518315/30/0/threaded
http://www.securityfocus.com/archive/1/518313/30/0/threaded
http://www.securityfocus.com/archive/1/518312/30/0/threaded
http://www.securityfocus.com/archive/1/518311/30/0/threaded
http://www.oracle.com/technetwork/java/eol-135779.html

Solution :

Update to JDK / JRE 6 Update 26, JDK 5.0 Update 30, SDK 1.4.2_32 or
later and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK 5.0 Update 30 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false