Summary
The host is installed with Oracle Java SE JRE and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass security restrictions, disclose sensitive information, manipulate certain data, conduct IP spoofing attacks or hijack a mutually authenticated session.
Impact Level: Application.
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Insight
Multiple flaws exist due to:
- An unspecified error in share/classes/javax/crypto/CipherInputStream.java related to streaming of input cipher streams.
- An error in share/classes/java/util/ResourceBundle.java related to property processing and handling of names.
- An error in the 'LogRecord::readObject' function in classes/java/util/logging/LogRecord.java related to handling of resource bundles.
- An error related to the wrapping of datagram sockets in the DatagramSocket implementation.
- An error in share/classes/java/util/logging/Logger.java related to missing permission checks of logger resources.
- An error related to handling of server certificate changes during SSL/TLS renegotiation.
- An error within the 2D subcomponent of the client deployment.
Affected
Oracle Java SE 5 update 71 and prior, 6 update 81 and prior, 7 update 67 and prior, and 8 update 20 and prior on Windows
Detection
Get the installed version of Oracle Java SE JRE with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
CVE: CVE-2014-6457, CVE-2014-6502, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6531, CVE-2014-6558
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P