Oracle Java SE 7 <
PVS ID: 6664 FAMILY: Web Clients RISK: HIGH NESSUS ID:63521
Description: Synopsis :\n\nThe remote Windows host contains a programming platform that is affected by a code execution vulnerability.\n\nThe remote host is running Java version : %L. This version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is 7 Update 10 or earlier and is, therefore, potentially affected by the following security issues:\n\n - An unspecified issue exists in the Libraries component. (CVE-2012-3174)\n\n - An error exists in the 'MBeanInstantiator.findClass' method that could allow remote, arbitrary code execution. (CVE-2013-0422)\n\nNote that, according the advisory, these issues apply to client deployments of Java only and can only be exploited through untrusted 'Java Web Start' applications and untrusted Java applets

Solution: Update to JDK / JRE 7 Update 11 or later and, if necessary, remove any affected versions.


Copyright Tenable Network Security Inc. 2013