Title

Java Runtime Environment (JRE) versions that are no longer supported by the vendor for security updates must not be installed on a system. (Cat I impact)

Discussion

Java Runtime Environment (JRE) versions that are no longer supported by Oracle for security updates are not evaluated or updated for vulnerabilities leaving them open to potential attack. Organizations must transition to a supported Java Runtime Environment (JRE) version to ensure continued support.

Check Content

Oracle support for Java Runtime Environment (JRE) 6 for Windows 7 ended 2013 Feb. If JRE 6 for Windows 7 is installed on a system, this is a finding. If an extended support agreement providing security patches for the unsupported product is procured from the vendor, this finding may be downgraded to a CAT III.

Fix Text

Upgrade Java Runtime Environment (JRE) 6 for Windows 7 software to a supported version.

Additional Identifiers

Rule ID: SV-75503r2_rule

Vulnerability ID: V-61035

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.