Detections
Analytics
RHEL 8 : java-1.8.0-openjdk (RHSA-2023:1908)
high Nessus Plugin ID 174712
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for java-1.8.0-openjdk.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1908 advisory.- OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
- OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
- OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
- OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
- OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
- OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
- OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL java-1.8.0-openjdk package based on the guidance in RHSA-2023:1908.See Also
http://www.nessus.org/u?e1bb229a
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2187435
https://bugzilla.redhat.com/show_bug.cgi?id=2187441
https://bugzilla.redhat.com/show_bug.cgi?id=2187704
https://bugzilla.redhat.com/show_bug.cgi?id=2187724
https://bugzilla.redhat.com/show_bug.cgi?id=2187758
https://bugzilla.redhat.com/show_bug.cgi?id=2187790
Plugin Details
Severity: High
ID: 174712
File Name: redhat-RHSA-2023-1908.nasl
Version: 1.3
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/25/2023
Updated: 4/28/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N
CVSS Score Source: CVE-2023-21930
CVSS v3
Risk Factor: High
Base Score: 7.4
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-fastdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-slowdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-fastdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-slowdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-fastdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-slowdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-fastdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-fastdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-slowdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-slowdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-fastdebug, p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-slowdebug
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/25/2023
Vulnerability Publication Date: 4/18/2023
Reference Information
CVE: CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968