Oracle Java SE 6 < Update 191 / 7 < Update 181 / 8 < Update 171 / 10 < Update 1 Multiple Vulnerabilities (April 2018 CPU)

High Nessus Network Monitor Plugin ID 700657

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :

 - AWT
 - Concurrency
 - Hotspot
 - Install
 - JAXP
 - JMX
 - Libraries
 - RMI
 - Security
 - Serialization

Solution

Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

See Also

http://www.nessus.org/u?76507bf8

http://www.nessus.org/u?6f630e2b

http://www.nessus.org/u?9bf6e180

http://www.nessus.org/u?2fbcacca

http://www.nessus.org/u?726f7054

Plugin Details

Severity: High

ID: 700657

Family: Web Clients

Published: 2019/05/02

Updated: 2019/05/02

Dependencies: 8893, 8892, 8895

Nessus ID: 109202

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.3

Temporal Score: 7.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 2018/04/17

Vulnerability Publication Date: 2018/04/17

Reference Information

CVE: CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826

BID: 103796, 103810, 103817, 103832, 103848, 103849, 103872