Oracle Java SE 6 < Update 201 / 7 < Update 191 / 8 < Update 181 / 10 < Update 2 Multiple Vulnerabilities (July 2018 CPU)

Medium Nessus Network Monitor Plugin ID 700658

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 10 Update 2, 8 Update 181, 7 Update 191, or 6 Update 201. It is, therefore, affected by multiple vulnerabilities related to the following components :

 - Concurrency. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2952)

 - Deployment. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2964)

 - JSSE. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2973)

 - Java DB. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2938)

 - JavaFX. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2941)

 - Libraries. An easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2018-2940)

 - Security. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2972)

 - Windows DLL. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE (CVE-2018-2942)

Solution

Upgrade to Oracle JDK / JRE 10 Update 2, 8 Update 181 / 7 Update 191 / 6 Update 201 or later. If necessary, remove any affected versions.

See Also

http://www.nessus.org/u?dbb3b1db

http://www.nessus.org/u?8a11ccea

http://www.nessus.org/u?6c975c0b

http://www.nessus.org/u?2fbcacca

http://www.nessus.org/u?726f7054

Plugin Details

Severity: Medium

ID: 700658

Family: Web Clients

Published: 2019/05/02

Updated: 2019/05/02

Dependencies: 8893, 8892, 8895

Nessus ID: 111163

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 2018/07/17

Vulnerability Publication Date: 2018/07/17

Reference Information

CVE: CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972, CVE-2018-2973

BID: 104765, 104768, 104773, 104774, 104775, 104780, 104781, 104782