Oracle JRockit R28.3.13 Multiple Vulnerabilities (April 2017 CPU)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A programming platform installed on the remote Windows host is
affected by multiple vulnerabilities.

Description :

The version of Oracle JRockit installed on the remote Windows host is
R28.3.13. It is, therefore, affected by multiple vulnerabilities :

- An unspecified flaw exists in the JCE subcomponent that
allows a local attacker to gain elevated privileges.
(CVE-2017-3511)

- An unspecified flaw exists in the JAXP subcomponent that
allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3526)

- An unspecified flaw exists in the Networking
subcomponent that allows an unauthenticated, remote
attacker to update, insert, or delete arbitrary data via
FTP. (CVE-2017-3533)

- An unspecified flaw exists in the Networking
subcomponent that allows an unauthenticated, remote
attacker to update, insert, or delete arbitrary data via
SMTP. (CVE-2017-3544)

See also :

http://www.nessus.org/u?5a48460e
http://www.nessus.org/u?08e1362c

Solution :

Upgrade to Oracle JRockit version R28.3.14 or later as referenced in
the April 2017 Oracle Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 99521

Bugtraq ID: 97731, 97733, 97740, 97745

CVE ID: CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3544
