Oracle Java SE 7 < Update 73 / 8 < Update 26 'Serviceability' Component Unknown Vulnerability

Low Nessus Network Monitor Plugin ID 8904

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The Oracle Java SE installed on the remote host is version 7 prior to Update 75 or 8 prior to Update 26 and is therefore affected by a vulnerability in the 'Serviceability' component. While the details of this vulnerability are not currently known, the vendor has acknowledged that local integrity may be impacted.

Solution

Update to Java 1.7.0_73 (for JRE 7) / 1.8.0_26 (for JRE 8) or later.

See Also

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

https://blogs.oracle.com/security/

Plugin Details

Severity: Low

ID: 8904

Family: Web Clients

Published: 2015/02/10

Modified: 2018/09/16

Dependencies: 8892, 8895

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 2.8

Temporal Score: 2.4

Vector: CVSS3#AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 2015/01/21

Vulnerability Publication Date: 2015/01/21

Reference Information

CVE: CVE-2015-0413

BID: 72176