This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Security Fix(es) :
- Multiple flaws were discovered in the Hotspot and
Libraries components in OpenJDK. An untrusted Java
application or applet could use these flaws to
completely bypass Java sandbox restrictions.
(CVE-2016-3606, CVE-2016-3587, CVE-2016-3598,
- Multiple denial of service flaws were found in the JAXP
component in OpenJDK. A specially crafted XML file could
cause a Java application using JAXP to consume an
excessive amount of CPU and memory when parsed.
- Multiple flaws were found in the CORBA and Hotspot
components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java
sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)
Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 92491