Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU)

critical Nessus Plugin ID 124198

Synopsis

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 221, 8 Update 211, 11 Update 3, or 12 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components :

- 2D
- Libraries
- RMI
- Windows DLL

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Oracle JDK / JRE 12 Update 1 , 11 Update 3, 8 Update 211 / 7 Update 221 or later. If necessary, remove any affected versions.

See Also

http://www.nessus.org/u?9166970d

http://www.nessus.org/u?aa0c1228

Plugin Details

Severity: Critical

ID: 124198

File Name: oracle_java_cpu_apr_2019.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 4/19/2019

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-2699

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/16/2019

Vulnerability Publication Date: 4/16/2019

Reference Information

CVE: CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698, CVE-2019-2699

BID: 107911, 107915, 107917, 107918, 107922