Improved Accuracy of Oracle Java Detection on Windows...

Question

Improved Accuracy of Oracle Java Detection on WindowsChangeNessus Plugin 33545 finds Oracle Java Runtime Environments (JREs) on Windows platforms. Multiple vendors provide JREs, and security advisories for one vendor do not apply to others. This plugin was including some OpenJDK and IBM Java executables in these reports. With this change, these executables will no longer be misidentified as Oracle Java.ImpactCustomers should expect more accurate identification of Oracle Java installs, potentially resulting in fewer vulnerability reports.Plugin33545 - Oracle Java Runtime Environment (JRE) DetectionTarget Release Date16 September 2019Additional NotesIf plugin debugging is enabled, these non-Oracle Java instances will be noted in the logs.

cezar1 · Answer

Will there be plugin showing non-Oracle JRE implementations installed on Windows systems?

anonymous · Answer

Thanks for sharing.

ravi_kumar6 · Answer

Useful information

dilip_tiwari · Answer

​Thanks for the info @Matt Everson​&nbsp;- I would request that when multiple versions of Java is detected in the output we display installed path of all Java versions. I had challenges when I was new to Nessus Pro, I used to get this vulnerability but the output used to have only 1 installed java path.

anonymous · Answer

More research on how the version is represented needs to be done, but yes, we will work to support OpenJDK and IBM Java on Windows.

Tenable Research Release Highlights

Forum Discussion

Improved Accuracy of Oracle Java Detection on Windows...

5 Replies

Recent Discussions

Component Installs Require Paranoid Checks

Compliance Windows Command Execution Enhancement

Disable Red Hat repository correlations and strictly use package version checks

Windows Patch Management Remediation Guidance

Improvements to Live Kernel Patching Detection

Americas

Europe

Asia / Australia