Tenable Research Release Highlights

Forum Discussion

gbetz
4 years ago


Enhanced Java Detection

Background

Nessus plugins 147817 and 148499 detect Java Runtime Environments (JREs) and other Java executable files on target hosts through several methods. One of these methods is to check the output of the Java executable with the ‘version’ flag if the executable is in a limited whitelist of directories created by Tenable or digitally signed.

Change

The logic in 147817 and 148499 has been updated to be more efficient and accurate by leveraging the output of the Java executable as the highest priority for identification and no longer running other detection methods for that Java install. Other detection methods, such as inspecting the binary and associated metadata, will be performed if the binary is not in a whitelisted directory or the output fails validation.

Impact

Customers should expect reduced scan times and more accurate reporting of Java instances along with an associated note indicating that the version was obtained by "self reported version information." This change may potentially result in additional or fewer vulnerability findings.

Plugins

147817 - Java Detection and Identification (Linux / Unix)

148499 - Java Detection and Identification (Windows)

Target Release Date

March 14, 2022

Update: These changes have been released in 202203142037 (Linux / Unix) and 202203151614 (Windows)
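The priority order described above can be sketched as follows. This is an added example, not Tenable's plugin code: the directory list, the `signed` flag, the validation regex, the `identify` and `run_version` names and the fallback label are all assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Hypothetical allowlist; the plugins' real directory list is not on the page.
TRUSTED_DIRS = [PurePosixPath("/usr/lib/jvm"), PurePosixPath("/opt/java")]

# First line of `java -version`, e.g.: openjdk version "11.0.14" 2022-01-18
VERSION_LINE = re.compile(
    r'^(?:java|openjdk) version "(\d+(?:\.\d+){0,3}(?:_\d+)?(?:-[A-Za-z0-9.]+)?)"'
)

def in_trusted_dir(path):
    """True only for absolute paths under an allowlisted directory, no '..' parts."""
    p = PurePosixPath(path)
    if not p.is_absolute() or ".." in p.parts:
        return False
    return any(d in p.parents for d in TRUSTED_DIRS)

def parse_self_reported(output):
    """Validate the first output line; return the version string or None."""
    lines = (output or "").strip().splitlines()
    match = VERSION_LINE.match(lines[0]) if lines else None
    return match.group(1) if match else None

def identify(path, signed, run_version, metadata_version):
    """Return (version, source).

    run_version(path) stands in for executing the binary with the version
    flag. It is called only when the binary is allowlisted or signed, so an
    arbitrary file that happens to be named 'java' is never executed.
    metadata_version stands in for the result of binary/metadata inspection.
    """
    if signed or in_trusted_dir(path):
        version = parse_self_reported(run_version(path))
        if version is not None:
            # Highest priority: no other detection method runs for this install.
            return version, "self reported version information"
    # Untrusted location, or output failed validation: fall back.
    return metadata_version, "binary and metadata inspection"
```

The trust check comes before execution because the self-reported path means running a file found on the target; output that fails validation is treated the same as an untrusted binary.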
