Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)

High Nessus Plugin ID 103963

Synopsis

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components :

 - 2D (Little CMS 2)
 - Deployment
 - Hotspot
 - JAX-WS
 - JAXP
 - Javadoc
 - Libraries
 - Networking
 - RMI
 - Security
 - Serialization
 - Smart Card IO
 - Util (zlib)

Solution

Upgrade to Oracle JDK / JRE 9 Update 1, 8 Update 151 / 7 Update 161 / 6 Update 171 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK / JRE 6 Update 95 or later.

See Also

http://www.nessus.org/u?ffb85cfa

http://www.nessus.org/u?dfeae1af

http://www.nessus.org/u?bbe7f5cf

http://www.nessus.org/u?2fbcacca

http://www.nessus.org/u?726f7054

Plugin Details

Severity: High

ID: 103963

File Name: oracle_java_cpu_oct_2017.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 2017/10/19

Updated: 2018/11/15

Dependencies: 33545

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/10/17

Vulnerability Publication Date: 2017/10/17

Reference Information

CVE: CVE-2016-9841, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

BID: 101315, 101319, 101321, 101328, 101333, 101338, 101341, 101348, 101354, 101355, 101369, 101378, 101382, 101384, 101396, 101413