Java Distribution Detection on Windows

Background

Nessus plugin 33545 detects Java Runtime Environments (JREs) and other Java executable files on Windows platforms through several methods including searching the filesystem. However, these Java installs are currently detected as Sun/Oracle Java which potentially leads to false positives with other Java distributions such as OpenJDK.

Change

After careful examination of the different distributions of Java, a new Nessus plugin in being introduced that attempts to differentiate between these different Java distributions:

• Sun
• Oracle
• IBM
• OpenJDK
• AdoptOpenJDK
• Azul Zulu
• Amazon Corretto

Individual detection plugins for each of these distributions will be released and this post will be updated with the plugin IDs once the plugins are published to the feed. Vulnerability plugins that use these new detections will be released at a later date.

Impact

Customers should expect more accurate detection of Java distributions, potentially resulting in a decrease in vulnerability detections for Sun/Oracle Java. These improvements may also result in slightly longer scan times and use more system resources on the scanned hosts.

Updated Plugin

33545 - Oracle Java Runtime Environment (JRE) Detection

New Plugins

148499 - Java Detection and Identification (Windows)

148709 - IBM Java Detection (Windows)

148707 - OpenJDK Java Detection (Windows)

148705 - AdoptOpenJDK Java Detection (Windows)

148706 - Azul Zulu Java Detection (Windows)

148708 - Amazon Corretto Java Detection (Windows)

Target Release Date

16 April 2021

Released in plugin feed 202104161706 

Additional Notes

Please note that enabling thorough checks will increase the amount of time the plugin will search for additional Java executables and perform additional tests, potentially yielding additional results including vulnerability detections.

---------------------------------------------------------------------------------------------------

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.