Oracle Java SE 6 < Update 101 / 7 < Update 85 / 8 < Update 51 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 8918
Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The Oracle Java SE installed on the remote host is version 6 prior to Update 101, 7 prior to Update 85, or 8 prior to Update 51 and is affected by multiple vulnerabilities:

- A flaw in the 'ObjectInputStream::readSerialData()' function in 'share/classes/java/io/ObjectInputStream.java' is triggered when handling OIS data, allowing a context-dependent attacker to execute arbitrary code. (CVE-2015-2590)
- An unspecified flaw related to the Hotspot component may allow a context-dependent attacker to have an impact on integrity. (CVE-2015-2596)
- A flaw in the JCE component: various cryptographic operations use non-constant-time comparisons, allowing a remote attacker to conduct timing attacks and possibly glean sensitive information. (CVE-2015-2601)
- A flaw in the 'ECDH_Derive()' function in 'share/native/sun/security/ec/impl/ec.c', related to missing EC parameter validation when performing ECDH key derivation, allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2613)
- An unspecified flaw related to the 2D component may allow a context-dependent attacker to gain access to sensitive information. (CVE-2015-2619)
- A flaw in the 'RMIConnectionImpl' constructor in 'share/classes/javax/management/remote/rmi/RMIConnectionImpl.java'. The issue is triggered by improper permission checks when creating repository class loaders, allowing a context-dependent attacker to bypass sandbox restrictions and disclose sensitive information. (CVE-2015-2621)
- A flaw in the JSSE component is triggered when performing X.509 certificate identity checks, allowing a remote attacker to have a certificate for another domain accepted as valid. (CVE-2015-2625)
- An unspecified flaw related to the Install component allows a remote attacker to gain access to sensitive information. (CVE-2015-2627)
- A typecasting flaw in 'share/classes/com/sun/corba/se/impl/io/IIOPInputStream.java' is triggered when handling IIOP operations, allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-2628)
- International Components for Unicode for C/C++ (ICU4C) contains an integer overflow condition in the 'LETableReference::verifyLength()' function in 'layout/LETableReference.h'. With a specially crafted font, a context-dependent attacker can crash an application linked against the library or potentially disclose memory contents. (CVE-2015-2632)
- An unspecified flaw related to the 2D component allows a context-dependent attacker to gain access to sensitive information. (CVE-2015-2637)
- An unspecified flaw related to the 2D component allows a context-dependent attacker to execute arbitrary code. (CVE-2015-2638)
- A NULL pointer dereference flaw in 'share/classes/com/sun/crypto/provider/GCTR.java' related to the GCM (Galois Counter Mode) implementation. The issue is triggered when performing encryption using a block cipher in GCM mode and may allow a remote attacker to cause a crash. (CVE-2015-2659)
- An unspecified flaw in the Deployment component allows a local attacker to gain elevated privileges. (CVE-2015-2664)
- An unspecified flaw related to the Deployment component may allow a remote attacker to have an impact on confidentiality and integrity. (CVE-2015-4729)
- A flaw in 'share/classes/javax/management/MBeanServerInvocationHandler.java' is triggered when handling MBean connection proxy classes, allowing a context-dependent attacker to bypass sandbox restrictions and potentially execute arbitrary code. (CVE-2015-4731)
- A flaw in 'share/classes/java/io/ObjectInputStream.java' and 'share/classes/java/io/SerialCallbackContext.java', related to insufficient context checks, allows a context-dependent attacker to potentially execute arbitrary code. (CVE-2015-4732)
- A flaw in the 'RemoteObjectInvocationHandler::invoke()' function in 'share/classes/java/rmi/server/RemoteObjectInvocationHandler.java'. The issue is triggered because calls to the finalize() method are permitted, allowing a context-dependent attacker to bypass sandbox protections and potentially execute arbitrary code. (CVE-2015-4733)
- An unspecified flaw related to the Deployment component may allow a context-dependent attacker to execute arbitrary code. (CVE-2015-4736)
- A flaw is triggered when handling Online Certificate Status Protocol (OCSP) responses with no 'nextUpdate' date specified, allowing a remote attacker to cause an application to accept a revoked X.509 certificate. (CVE-2015-4748)
- A flaw in the 'DnsClient::query()' function in 'share/classes/com/sun/jndi/dns/DnsClient.java'. The issue is triggered because JNDI DnsClient's exception handling fails to release request information, allowing a remote attacker to exhaust memory resources and cause a denial of service. (CVE-2015-4749)
- International Components for Unicode for C/C++ (ICU4C) contains overflow conditions in the layout engine. With a specially crafted font, a context-dependent attacker can cause a buffer overflow, crashing an application linked against the library or potentially allowing execution of arbitrary code. (CVE-2015-4760)

Solution

Update to Oracle Java SE 6 Update 101 / 7 Update 85 / 8 Update 51 or later.

See Also

http://www.oracle.com/technetwork/java/javase/overview-156328.html

http://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html

http://www.oracle.com/technetwork/java/javase/8u51-relnotes-2587590.html

Plugin Details

Severity: Critical

ID: 8918

Family: Web Clients

Published: 9/30/2015

Updated: 3/6/2019

Dependencies: 8893, 8892, 8895

Nessus ID: 84824, 84825

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*

Patch Publication Date: 7/14/2015

Vulnerability Publication Date: 2/5/2015

Reference Information

CVE: CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, CVE-2015-2659

BID: 75784, 75796, 75812, 75818, 75823, 75832, 75833, 75850, 75854, 75856, 75857, 75861, 75867, 75871, 75874, 75881, 75883, 75887, 75890, 75892, 75893, 75895, 75877

IAVA: 2015-A-0158