Summary
Oracle Java SE JRE is installed on the host and is prone to multiple unspecified vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct a denial of service attack, man-in-the-middle attack, potentially disclose memory contents, remove or overwrite arbitrary files on the system, disclose certain directory information, bypass sandbox restrictions and potentially execute arbitrary code.
Impact Level: System/Application
Solution
Apply the patch from the link below:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Insight
Multiple unspecified flaws exist due to:
- An infinite loop in the DER decoder that is triggered when handling negative length values.
- An error in the RMI component's transport implementation related to incorrect context class loader use.
- An error in the Swing component's file chooser implementation.
- An error in vm/memory/referenceProcessor.cpp related to handling of phantom object references in the Hotspot JVM garbage collector.
- An error in the Hotspot JVM related to insecure handling of temporary performance data files.
- An error in the JSSE component related to improper ChangeCipherSpec tracking during SSL/TLS handshakes.
- Two out-of-bounds read errors in the layout component that are triggered when parsing fonts.
Affected
Oracle Java SE 5 update 75 and prior, 6 update 85 and prior, 7 update 72 and prior, and 8 update 25 and prior on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
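The version check described above can be sketched as follows. This is an added example, not the NVT's own code: it assumes the detection step reports the legacy JRE version string (for example `1.7.0_72`), and the function names and the sample inventory are hypothetical.

```python
import re

# Highest affected update per Java SE family, taken from the "Affected" section.
LAST_AFFECTED_UPDATE = {5: 75, 6: 85, 7: 72, 8: 25}

# Legacy JRE version string: 1.<family>.0[_<update>][-<build>], e.g. 1.8.0_25-b18
_VERSION_RE = re.compile(r"^1\.(\d+)\.0(?:_(\d+))?(?:-[\w.]+)?$")


def parse_jre_version(version):
    """Return (family, update), or None if the string is not in the legacy format."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    # A string without "_<update>" (e.g. "1.7.0") is the initial release: update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(version):
    """True/False for a recognised version; None when it cannot be parsed."""
    parsed = parse_jre_version(version)
    if parsed is None:
        return None  # unknown format: flag for manual review, do not assume safe
    family, update = parsed
    limit = LAST_AFFECTED_UPDATE.get(family)
    if limit is None:
        return False  # family is not listed in this advisory
    return update <= limit


def triage(inventory):
    """Split {host: version} into (affected hosts, hosts needing manual review)."""
    affected, review = [], []
    for host, version in sorted(inventory.items()):
        result = is_affected(version)
        if result is None:
            review.append(host)
        elif result:
            affected.append(host)
    return affected, review


if __name__ == "__main__":
    # Constructed sample inventory, not real scan output.
    sample = {"ws-01": "1.7.0_72", "ws-02": "1.8.0_31", "ws-03": "1.6.0_85-b15",
              "ws-04": "1.7.0", "ws-05": "unknown"}
    print(triage(sample))
```

Unparseable strings are reported separately so that a host with an unrecognised version format is reviewed rather than silently treated as patched.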
References
- http://osvdb.org/117227
- http://osvdb.org/117228
- http://osvdb.org/117232
- http://osvdb.org/117233
- http://osvdb.org/117235
- http://osvdb.org/117236
- http://osvdb.org/117238
- http://osvdb.org/117241
- http://secunia.com/advisories/62215
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-6585, CVE-2014-6591, CVE-2014-6593, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)