Oracle Java SE 6 < Update 113 / 7 < Update 97 / 8 < Update 73 Arbitrary Code Execution

high Nessus Network Monitor Plugin ID 9353

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle Java SE installed on the remote host is 6 prior to Update 113, 7 prior to Update 97, or 8 prior to Update 73. It is affected by an arbitrary code execution vulnerability that may have been exploited while Java was being installed. If an attacker convinced a user to download a set of malicious files before Java was installed, arbitrary code may have been executed during the installation. A system with a vulnerable version of Java installed should be checked for malicious software or abnormal behavior.

Solution

Update to Java 1.6.0_113 (for JRE 6) / 1.7.0_97 (for JRE 7) / 1.8.0_73 (for JRE 8) or later.

See Also

http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html

Plugin Details

Severity: High

ID: 9353

Family: Web Clients

Published: 6/9/2016

Updated: 3/6/2019

Nessus ID: 88755

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 2/5/2016

Vulnerability Publication Date: 2/5/2016

Reference Information

CVE: CVE-2016-0603

BID: 83008