Synopsis
The remote host is missing a critical Oracle Java SE patch update.
Description
The version of Oracle Java SE installed on the remote host is prior to 6 Update 161, 7 Update 151, or 8 Update 141, and is therefore affected by a flaw that is triggered during object deserialization. This may allow a remote attacker to exhaust available memory and potentially cause a crash. (CVE-2017-10108, CVE-2017-10109)
These versions of Java SE are also affected by multiple vulerabilities in the following components :
2D (CVE-2017-10053), AWT (CVE-2017-10110), Deployment (CVE-2017-10105), Deployment (CVE-2017-10125), Hotspot (CVE-2017-10074, CVE-2017-10081), ImageIO (CVE-2017-10089), JAX-WS (CVE-2017-10243), JAXP (CVE-2017-10096, CVE-2017-10101), JCE (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135), JavaFX (CVE-2017-10086, CVE-2017-10114), Libraries (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111), RMI (CVE-2017-10102, CVE-2017-10107), Scripting (CVE-2017-10067, CVE-2017-10078), Security (CVE-2017-10116, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)
Solution
Upgrade to Java 1.8.0_141 or later. If version 1.8.x cannot be obtained, versions 1.7.0_151 and 1.6.0_161 have also been patched for these vulnerabilities.