
Nexpose is flagging Metasploit Pro java version

Question asked by Brennon Thomas on Jun 9, 2017

Any recommendations?  Here's what I've done so far.

 

1) Run credentialed scan against the box.

2) Installed Metasploit Pro and reinstalled to version: 2017053001

3) java version

 

# /opt/metasploit/java/bin/java -showversion

java version "1.8.0_60"

Java(TM) SE Runtime Environment (build 1.8.0_60-b27)

Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

 

4) Identified vulns according to Nexpose

 

Vulnerable OS: CentOS Linux 7.3.1611

Vulnerable software installed: Oracle JRE (/opt/metasploit/java/bin/java) 1.8.0.60

 

Java CPU April 2016 Java SE 2D vulnerability (CVE-2016-3422)

Java CPU April 2016 Java SE 2D vulnerability (CVE-2016-3443)

Java CPU April 2016 Java SE Deployment vulnerability (CVE-2016-3449)

Java CPU January 2017 Java SE Deployment vulnerability (CVE-2017-3259)

Java CPU January 2017 Java SE Java Mission Control vulnerability (CVE-2016-8328)

Java CPU January 2017 Java SE Java Mission Control vulnerability (CVE-2017-3262)

Java CPU January 2017 Java SE, Java SE Embedded Libraries vulnerability (CVE-2016-2183)

Java CPU July 2016 Java SE Deployment vulnerability (CVE-2016-3511)

Java CPU July 2016 Java SE Install vulnerability (CVE-2016-3503)

Java CPU July 2016 Java SE Install vulnerability (CVE-2016-3552)

Java CPU July 2016 Java SE JavaFX vulnerability (CVE-2016-3498)

Java CPU October 2015 Java SE Deployment vulnerability (CVE-2015-4810)

Java CPU October 2015 Java SE Deployment vulnerability (CVE-2015-4902)

Java CPU October 2015 Java SE JavaFX vulnerability (CVE-2015-4901)

Java CPU October 2015 Java SE, JavaFX JavaFX vulnerability (CVE-2015-4906)

Java CPU October 2015 Java SE, JavaFX JavaFX vulnerability (CVE-2015-4908)

Java CPU October 2015 Java SE, JavaFX JavaFX vulnerability (CVE-2015-4916)

Java CPU October 2016 Java SE 2D vulnerability (CVE-2016-5556)

 

                                  
