FreeBSD : java -- multiple vulnerabilities (a5934ba8-a376-11e5-85e9-14dae9d210b8)

critical Nessus Plugin ID 87386

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Oracle reports :

This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?2e5158e8

http://www.nessus.org/u?2eb49d1a

Plugin Details

Severity: Critical

ID: 87386

File Name: freebsd_pkg_a5934ba8a37611e585e914dae9d210b8.nasl

Version: 2.7

Type: local

Published: 12/16/2015

Updated: 3/8/2022

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:openjdk7, p-cpe:/a:freebsd:freebsd:openjdk7-jre, p-cpe:/a:freebsd:freebsd:openjdk8, p-cpe:/a:freebsd:freebsd:openjdk8-jre, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/15/2015

Vulnerability Publication Date: 10/20/2015

CISA Known Exploited Dates: 3/24/2022

Reference Information

CVE: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916