Oracle Java SE Multiple Vulnerabilities (Oct 2011 CPU) (Unix)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Unix host contains a programming platform that is affected
by multiple vulnerabilities.

Description :

The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is earlier than 7 Update 1 / 6 Update 29
/ 5.0 Update 32 / 1.4.2_34. As such, it is potentially affected by
security issues in the following components :

- 2D
- AWT
- Deployment
- Deserialization
- Hotspot
- Java Runtime Environment
- JAXWS
- JSSE
- Networking
- RMI
- Scripting
- Sound
- Swing

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-305/
http://www.zerodayinitiative.com/advisories/ZDI-11-306/
http://www.zerodayinitiative.com/advisories/ZDI-11-307/
http://www.nessus.org/u?3fed43a3
http://www.nessus.org/u?ac4427f9
http://www.oracle.com/technetwork/java/eol-135779.html

Solution :

Update to JDK / JRE 7 Update 1 / 6 Update 29, JDK 5.0 Update 32, SDK
1.4.2_34 or later and remove, if necessary, any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK 5.0 Update 32 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true