Oracle Java SE 6 < Update 141 / 7 < Update 131 / 8 < Update 121 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9917
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle Java SE installed on the remote host is prior to 6 Update 141, 7 Update 131, or 8 Update 121 and is affected by multiple vulnerabilities :

 - A flaw exists in the 'ECDSASignature' class of the Libraries subcomponent. The issue is triggered when handling signatures from DER input. This may allow a remote attacker to cause a signature in an incorrect format to be accepted. (CVE-2016-5546)
 - An unspecified flaw exists related to the Libraries subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5547)
 - An unspecified flaw exists related to the Libraries subcomponent. This may allow a context-dependent attacker to gain access to sensitive information. No further details have been provided by the vendor. (CVE-2016-5548, CVE-2016-5549)
 - An unspecified flaw exists related to the Networking subcomponent. This may allow a remote attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2016-5552)
 - A flaw exists in the Install New Software and Update features in the Mission Control subcomponent that may allow a man-in-the-middle attacker to intercept and manipulate JAR files, potentially resulting in the installation of malicious content. (CVE-2016-8328)
 - An unspecified flaw exists related to the Networking subcomponent. This may allow a context-dependent attacker to gain access to sensitive information. No further details have been provided by the vendor. (CVE-2017-3231)
 - A flaw exists in the RMI registry and DCG (Distributed Garbage Collector) implementation that is triggered as certain input is not properly sanitized before being deserialized. This may allow a remote attacker to potentially execute arbitrary code outside of intended sandbox restrictions. (CVE-2017-3241)
 - An unspecified flaw exists related to the JAAS subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3252)
 - A flaw exists in the 'PNGImageReader::readMetadata()' function in 'imageio/plugins/png/PNGImageReader.java' that is triggered when handling 'zTXt' and 'iTXt' image chunks. With a specially crafted PNG image, a remote attacker can exhaust available memory resources. (CVE-2017-3253)
 - An unspecified flaw exists related to the Deployment subcomponent. This may allow a remote attacker to gain access to sensitive information. No further details have been provided by the vendor. (CVE-2017-3259)
 - An unspecified flaw exists related to the Networking subcomponent. This may allow a context-dependent attacker to gain access to sensitive information. No further details have been provided by the vendor. (CVE-2017-3261)
 - An unspecified flaw exists related to the Java Mission Control subcomponent. This may allow a remote attacker to gain access to sensitive information. No further details have been provided by the vendor. (CVE-2017-3262)
 - A flaw exists related to improper restrictions on protected field members for the atomic field updaters in the 'java.util.concurrent.atomic' package. This may allow a context-dependent attacker to potentially execute arbitrary code outside of intended sandbox restrictions. (CVE-2017-3272)
 - A flaw exists in the Hotspot subcomponent related to insecure class construction when handling exception stack frames. This may allow a context-dependent attacker to potentially execute arbitrary code outside of intended sandbox restrictions. (CVE-2017-3289)

Solution

Upgrade to Java 1.8.0_121 or later. If version 1.8.x cannot be obtained, versions 1.7.0_131 and 1.6.0_141 are also patched for these vulnerabilities.

See Also

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA

Plugin Details

Severity: Critical

ID: 9917

Family: Web Clients

Published: 1/27/2017

Updated: 3/6/2019

Dependencies: 8893, 8892, 8895

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*

Patch Publication Date: 1/17/2017

Vulnerability Publication Date: 11/2/2016

Reference Information

CVE: CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289, CVE-2017-3259, CVE-2017-3262, CVE-2016-8328

BID: 95563, 95488, 95509, 95498, 95570, 95566, 95533, 95525, 95506, 95521, 95559, 95530, 95512, 95581, 95578