Oracle Java SE 6 < Update 191 / 7 < Update 181 / 8 < Update 171 / 10 < Update 1 Multiple Vulnerabilities (April 2018 CPU)
high Nessus Network Monitor Plugin ID 700657
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote host is missing a critical Oracle Java SE patch update.Description
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization
Solution
Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.See Also
http://www.nessus.org/u?2fbcacca
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?76507bf8
Plugin Details
Severity: High
ID: 700657
Family: Web Clients
Published: 5/2/2019
Updated: 5/2/2019
Nessus ID: 109202
Risk Information
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 8.3
Temporal Score: 7.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*
Patch Publication Date: 4/17/2018
Vulnerability Publication Date: 4/17/2018
Reference Information
CVE: CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815, CVE-2018-2783, CVE-2018-2825, CVE-2018-2826, CVE-2018-2811