Oracle Java SE 6 < Update 191 / 7 < Update 181 / 8 < Update 171 / 10 < Update 1 Multiple Vulnerabilities (April 2018 CPU)

high Nessus Network Monitor Plugin ID 700657

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 1, 8 Update 171, 7 Update 181, or 6 Update 191. It is, therefore, affected by multiple vulnerabilities related to the following components :

- AWT
- Concurrency
- Hotspot
- Install
- JAXP
- JMX
- Libraries
- RMI
- Security
- Serialization

Solution

Upgrade to Oracle JDK / JRE 10 Update 1, 8 Update 171 / 7 Update 181 / 6 Update 191 or later. If necessary, remove any affected versions.

See Also

http://www.nessus.org/u?2fbcacca

http://www.nessus.org/u?726f7054

http://www.nessus.org/u?76507bf8

http://www.nessus.org/u?6f630e2b

http://www.nessus.org/u?9bf6e180

Plugin Details

Severity: High

ID: 700657

Family: Web Clients

Published: 5/2/2019

Updated: 5/2/2019

Nessus ID: 109202

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 4/17/2018

Vulnerability Publication Date: 4/17/2018

Reference Information

CVE: CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826

BID: 103817, 103872, 103849, 103848, 103796, 103832, 103810