Oracle Java SE 6 < Update 161 / 7 < Update 151 / 8 < Update 141 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 700165

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle Java SE installed on the remote host is prior to 6 Update 161, 7 Update 151, or 8 Update 141, and is therefore affected by a flaw that is triggered during object deserialization. This may allow a remote attacker to exhaust available memory and potentially cause a crash. (CVE-2017-10108, CVE-2017-10109)

These versions of Java SE are also affected by multiple vulerabilities in the following components :

 2D (CVE-2017-10053), AWT (CVE-2017-10110), Deployment (CVE-2017-10105), Deployment (CVE-2017-10125), Hotspot (CVE-2017-10074, CVE-2017-10081), ImageIO (CVE-2017-10089), JAX-WS (CVE-2017-10243), JAXP (CVE-2017-10096, CVE-2017-10101), JCE (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135), JavaFX (CVE-2017-10086, CVE-2017-10114), Libraries (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111), RMI (CVE-2017-10102, CVE-2017-10107), Scripting (CVE-2017-10067, CVE-2017-10078), Security (CVE-2017-10116, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)

Solution

Upgrade to Java 1.8.0_141 or later. If version 1.8.x cannot be obtained, versions 1.7.0_151 and 1.6.0_161 have also been patched for these vulnerabilities.

See Also

http://www.nessus.org/u?aa1e4776

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA

Plugin Details

Severity: Critical

ID: 700165

Family: Web Clients

Published: 7/26/2017

Updated: 3/6/2019

Nessus ID: 101843, 101844

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*

Patch Publication Date: 7/18/2017

Vulnerability Publication Date: 7/18/2017

Reference Information

CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10125, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243, CVE-2017-10078

BID: 99674, 99712, 99719, 99846, 99847, 99643, 99842, 99707, 99774, 99756, 99734, 99731, 99752, 99853, 99703, 99659, 99827, 99706, 99670, 99851, 99809, 99854, 99818, 99662, 99726, 99782, 99839, 99788