The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5719-1 advisory.

    It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use     this issue to cause the corruption of sensitive information. (CVE-2022-21619)

    It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly     use this issue to perform spoofing attacks. (CVE-2022-21624)

    It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An     attacker could possibly use this issue to cause a denial of service. (CVE-2022-21628)

    It was discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this     issue to cause a denial of service. This issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626)

    It was discovered that OpenJDK incorrectly handled cached server connections. An attacker could possibly     use this issue to perform spoofing attacks. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK     19. (CVE-2022-39399)

    It was discovered that OpenJDK incorrectly handled byte conversions. An attacker could possibly use this     issue to obtain sensitive information. This issue only affected OpenJDK 11, OpenJDK 17 and OpenJDK 19.
    (CVE-2022-21618)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenJDK vulnerabilities (USN-5719-1)

medium Nessus Plugin ID 167234

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.4

Version 1.3

Version 1.2

Version 1.7 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.6 Oct 16, 2023, 7:25 PM Detection Plugin metadata Plugin Feed: 202310161925
Version 1.5 Jul 11, 2023, 4:01 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Detection Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202307110401
Version 1.4 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.4 Jul 11, 2023, 1:48 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Detection Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202307110148
Version 1.3 Nov 30, 2022, 4:19 PM CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N") CVSSv2 score source (changed from "CVE-2022-21626" to "CVE-2022-21618") Plugin Feed: 202211301619
Version 1.2 Nov 10, 2022, 1:51 AM New Plugin Feed: 202211100151