The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0204 advisory.

  - OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)     (CVE-2022-21248)

  - OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952) (CVE-2022-21277)

  - OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)

  - OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)

  - OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386) (CVE-2022-21291)

  - OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)     (CVE-2022-21293)

  - OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)     (CVE-2022-21294)

  - OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)

  - OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)     (CVE-2022-21299)

  - OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)

  - OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)

  - OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)     (CVE-2022-21341)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)

  - OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

  - OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096) (CVE-2022-21366)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : java-11-openjdk (RHSA-2022:0204)

medium Nessus Plugin ID 157044

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.9 Apr 10, 2024, 1:52 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202404101352
Version 1.8 Nov 21, 2023, 1:14 AM CVSSv2 score source (changed from "CVE-2022-21291" to "CVE-2022-21305") CVSSv3 score source (changed from "CVE-2022-21305" to none) Plugin Feed: 202311210114
Version 1.7 May 25, 2023, 3:03 PM Logic Changes (Added support for ppc64le architecture) Plugin Feed: 202305251503
Version 1.6 Jan 23, 2023, 9:47 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301232147