This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

The remote FreeBSD host is missing one or more security-related

US-CERT reports :

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability
that may allow an applet to call setSecurityManager in a way that
allows setting of arbitrary permissions.

By leveraging the public, privileged getField() function, an untrusted
Java applet can escalate its privileges by calling the
setSecurityManager() function to allow full privileges, without
requiring code signing.

This vulnerability is being actively exploited in the wild, and
exploit code is publicly available.

This exploit does not only affect Java applets, but every piece of
software that relies on the Java Security Manager for sandboxing
executable code is affected: malicious code can totally disable

See also :

Update the affected packages.

Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true