Java Distribution Detection on Unix-based OSes

Background

Nessus plugin 64815 detects Java Runtime Environments (JREs) and other Java executable files on Unix-based platforms through several methods including searching the filesystem. However, these Java installs are currently detected as Sun/Oracle Java which potentially leads to false positives with other Java distributions such as OpenJDK.

Change

After careful examination of the different distributions of Java, Nessus plugin 147817 was created that attempts to differentiate between these different Java distributions:

• Sun
• Oracle
• IBM
• OpenJDK
• Adopt OpenJDK
• Azul Zulu
• Amazon Corretto

Individual detection plugins for each of these distributions will be released and this post will be updated with the plugin IDs once the plugins are published to the feed. Vulnerability plugins that use these new detections will be released at a later date.

Impact

Customers should expect more accurate detection of Java distributions, potentially resulting in a decrease in vulnerability detections for Sun/Oracle Java. These improvements may also result in slightly longer scan times and use more system resources on the scanned hosts.

Updated Plugins

64815 - Oracle Java Runtime Environment (JRE) Detection (Unix)

147817 - Java Detection and Identification (Linux / Unix)

New Plugins

148375 - AdoptOpenJDK Java Detection (Linux / Unix)

148376 - Amazon Corretto Java Detection (Linux / Unix)

148372 - IBM Java Detection (Linux / Unix)

148373 - OpenJDK Java Detection (Linux / Unix)

148374 - Azul Zulu Java Detection (Linux / Unix)

Target Release Date

7 April 2021

Released in feed 202104080559

Additional Notes

Please note that enabling thorough checks will increase the amount of time the plugin will search for additional Java executables and perform additional tests, potentially yielding additional results including vulnerability detections.

Also, a feature was added in December 2020 to allow for directories to be included in the search used by detection plugins including plugin 64815. Customers can make use of this feature to improve detections of Java. See Include specific paths when searching for applications for more information.

---------------------------------------------------------------------------------------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.