Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)

Critical Nessus Plugin ID 56566

Synopsis

The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34 and is potentially affected by security issues in the following components :

- 2D
- AWT
- Deployment
- Deserialization
- Hotspot
- Java Runtime Environment
- JAXWS
- JSSE
- Networking
- RMI
- Scripting
- Sound
- Swing

Solution

Update to JDK / JRE 7 Update 1 / 6 Update 29, JDK 5.0 Update 32, SDK 1.4.2_34 or later and remove, if necessary, any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK 5.0 Update 32 or later.

CVE: CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561

BID: 49778, 50118, 50211, 50215, 50216, 50218, 50220, 50223, 50224, 50226, 50229, 50231, 50234, 50236, 50237, 50239, 50242, 50243, 50246, 50248, 50250

EDB-ID: 18171

CERT: 864643

Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Exploitable With

Reference Information