Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)

Critical Nessus Plugin ID 64849

Synopsis

The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components :

- 2D
- Beans
- Concurrency
- Deployment
- Hotspot
- JAX-WS
- JMX
- JSSE
- Libraries
- Networking
- Security
- Swing

Solution

Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK 1.4.2_40 or later and remove, if necessary, any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK 5 .0 Update 38 or later.

See Also

https://www.securityfocus.com/archive/1/524506/30/0/threaded

https://www.securityfocus.com/archive/1/524507/30/0/threaded

http://www.nessus.org/u?b0eb44d4

https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html

https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html

http://www.oracle.com/technetwork/java/eol-135779.html

Plugin Details

Severity: Critical

ID: 64849

File Name: oracle_java_cpu_oct_2012_unix.nasl

Version: 1.12

Type: local

Agent: unix

Family: Misc.

Published: 2013/02/22

Modified: 2018/11/15

Dependencies: 64815

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/10/16

Vulnerability Publication Date: 2012/10/16

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java Applet Method Handle Remote Code Execution)

Reference Information

CVE: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5078, CVE-2012-5079, CVE-2012-5080, CVE-2012-5081, CVE-2012-5082, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089

BID: 55501, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56066, 56067, 56068, 56070, 56071, 56072, 56075, 56076, 56078, 56079, 56080, 56081, 56082, 56083