Sun Java JRE Multiple Vulnerabilities (102729 / 102732)

high Nessus Plugin ID 23931

Synopsis

The remote Windows host has a version of Sun's Java Runtime Environment that is affected by several vulnerabilities.

Description

According to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges, for example to read or write local files or to execute local applications, subject to the privileges of the user running the applet.

In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets.

Solution

Update to Sun Java 2 JDK and JRE 5.0 Update 8 / SDK and JRE 1.4.2_13 / SDK and JRE 1.3.1_19 or later, and remove any affected versions if necessary.

See Also

http://scary.beasts.org/security/CESA-2005-008.txt

http://www.nessus.org/u?58f88e57

http://www.nessus.org/u?6507bb6f

Plugin Details

Severity: High

ID: 23931

File Name: sun_java_jre_102729.nasl

Version: 1.27

Type: local

Agent: windows

Family: Windows

Published: 12/20/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 12/19/2006

Vulnerability Publication Date: 12/19/2006

Reference Information

CVE: CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745

BID: 21673, 21674, 21675