Detections
Analytics

Oracle Java SE 7 < Update 73 / 8 < Update 26 'Serviceability' Component Unknown Vulnerability

low Nessus Network Monitor Plugin ID 8904

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The Oracle Java SE installed on the remote host is version 7 prior to Update 75 or 8 prior to Update 26 and is therefore affected by a vulnerability in the 'Serviceability' component. While the details of this vulnerability are not currently known, the vendor has acknowledged that local integrity may be impacted.

Solution

Update to Java 1.7.0_73 (for JRE 7) / 1.8.0_26 (for JRE 8) or later.

See Also

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

https://blogs.oracle.com/security/

Plugin Details

Severity: Low

ID: 8904

Family: Web Clients

Published: 2/10/2015

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 2.9

Temporal Score: 2.6

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 1/21/2015

Vulnerability Publication Date: 1/21/2015

Reference Information

CVE: CVE-2015-0413

BID: 72176