New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.6
SynopsisThe remote Windows host contains a runtime environment that is affected by multiple vulnerabilities.
DescriptionThe version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :
- A denial of service vulnerability affects the JRE LDAP implementation. (254569).
- A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)
- There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.
- There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)
- A privilege-escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)
- An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.
- The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)
- The JRE Virtual Machine is affected by a privilege-escalation vulnerability. (254610)
- There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.
- There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)
- A denial of service vulnerability affects the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)
SolutionUpdate to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18, SDK / JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if necessary, any affected versions.