Oracle Java SE 6 < Update 113 / 7 < Update 97 / 8 < Update 73 Arbitrary Code Execution
High Nessus Network Monitor Plugin ID 9353
SynopsisThe remote host is missing a critical Oracle Java SE patch update.
DescriptionThe Oracle Java SE installed on the remote host is version 6 prior to Update 113, 7 prior to Update 97, or 8 prior to Update 73 and is affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors.
SolutionUpdate to Java 1.6.0_113 (for JRE 6) / 1.7.0_97 (for JRE 7) / 1.8.0_73 (for JRE 8) or later.