Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Java (Oracle JDK) Number Of NVD 974 CRITICAL 37 HIGH 411 MEDIUM 412 LOW 114
URL https://java.com/
Explanation Java is a programming language and computing platform that was first released by Sun Microsystems in 1995.

Excerpt from [https://java.com/ja/download/faq/whatis_java.xml]

Intermediate files compiled from source code can be executed on various platforms (operating systems) via the JVM (Java Virtual Machine).
Since the JVM absorbs platform differences, the developer does not have to be aware of the platform.

Java has played a major role in the spread of object-oriented languages.
It is now used in many enterprise systems and is a required language for business.
Because it compiles, it has the advantage of running faster than interpreted languages such as Python and PHP.

Currently, it is managed by Oracle since Sun Microsystems was merged into Oracle.

Oracle JDK (Java Development Kit): A collection of functions necessary for the development and execution of Java.
JRE (Java Runtime Environment): A collection of items required to run Java.
Java SE (Java Platform, Standard Edition): A collection of standard features for developing Java applications on desktops and servers.
Java EE (Java Platform, Enterprise Edition): Java SE with additional enterprise features (required for web application development)
Java ME (Java Platform, Micro Edition): A collection of features required for embedded crises and mobile devices in the IoT.

Every six months a new Java SE is released, and every three years an LTS (Long Term Support) version is released.
The current LTS is Oracle Java SE 11 and it is paid for.
Starting with Java 11, the JRE is no longer distributed solely as a JRE.
Java EE was donated to the Eclipse Foundation in 2017 to be open sourced, and has been developed as Jakarta EE since Java EE 9.

LTS has Premier Support for 5 years after release and Extended Support for the next 3 years, for a total of 8 years of support.
All versions other than LTS are entitled to Premier Support for six months after release.

A free Open JDK will also be released, but support will expire every six months, increasing the burden of migration.
Tag
  • 商用ライセンス有り
  • オープンソース
Add Information URL
No Type Name URL
1 https://www.oracle.com/java/technologies/java-se-support-roadmap.html
2 https://www.oracle.com/technetwork/jp/java/eol-135779-ja.html
3 http://jdk.java.net/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
971 Oracle JDK 18 March 1, 2022 Sept. 30, 2022 0 3 5 0
972 Oracle JDK 17(LTS) 17.0.8 July 18, 2023 Sept. 1, 2021 Sept. 30, 2026 Sept. 30, 2029 0 9 33 18
973 Oracle JDK 16 March 1, 2021 Sept. 30, 2021 0 1 4 0
974 Oracle JDK 15 Sept. 1, 2020 March 31, 2021 0 0 3 6
975 Oracle JDK 14 March 1, 2020 Sept. 30, 2020 0 5 8 9
976 Oracle JDK 13 Sept. 1, 2019 March 31, 2020 0 1 10 15
977 Oracle JDK 12 March 1, 2019 Sept. 30, 2019 0 1 7 3
978 Oracle JDK 11 (LTS) 11.0.16 July 19, 2022 Sept. 1, 2018 Sept. 30, 2023 Sept. 30, 2026 1 17 67 55
979 Oracle JDK 10 March 1, 2018 Sept. 30, 2018 0 7 10 2
980 Oracle JDK 9 Sept. 1, 2017 March 31, 2018 0 5 14 1
981 Oracle JDK 8 (LTS) March 1, 2014 March 31, 2022 Dec. 31, 2030 1 1 2 0
982 Oracle JDK 7 (LTS) July 1, 2011 July 31, 2019 July 31, 2022 0 2 2 0
983 Oracle JDK 19 19 0 0 5 4
984 Oracle JDK - - 2 194 133 22
985 JDK 6 6.0 Jan. 1, 2000 0 28 12 1
986 JDK 5 5.0 Jan. 1, 2000 0 28 13 0
987 JDK 1.9 1.9.1 Jan. 1, 2000 2 28 23 1
988 JDK 1.8 1.8.0 Jan. 1, 2000 32 149 207 76
989 JDK 1.7 1.7.0 Jan. 1, 2000 28 255 279 73
990 JDK 1.6 1.6.0.300 Jan. 1, 2000 24 320 277 47
991 JDK 1.5 1.5.0.320 Jan. 1, 2000 2 250 189 30
992 JDK 1.4 1.4.2_9 Jan. 1, 2000 2 197 135 23
993 JDK 1.3 1.3.1_28 Jan. 1, 2000 2 199 133 22
994 JDK 1.2 1.2.2 Jan. 1, 2000 2 196 134 22
995 JDK 1.2 1.1.8 Jan. 1, 2000 2 195 135 22
996 JDK 1.10 1.10.0 Jan. 1, 2000 2 194 133 22
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
971 -
7.5 		HIGH Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft V… NVD-CWE-Other
CVE-2002-0076 cpe:2.3:a:sun:jdk:1.1.8:update8
cpe:2.3:a:sun:jdk:1.1.8:update14 		2018-10-13 06:31
2002-03-19 		Show GitHub Exploit DB Packet Storm
972 -
5.0 		MEDIUM Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the se… NVD-CWE-Other
CVE-2002-0058 cpe:2.3:a:sun:jdk:1.1.8:update7
cpe:2.3:a:sun:jdk:1.1.8:update13 		2018-10-13 06:30
2002-03-15 		Show GitHub Exploit DB Packet Storm
973 -
7.5 		HIGH Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. NVD-CWE-Other
CVE-2001-1480 cpe:2.3:a:sun:jdk:1.3.0_02:*
cpe:2.3:a:sun:jdk:1.3.0_02:*
cpe:2.3:a:sun:jdk:1.3.0_02:*
cpe:2.3:a:sun:jdk:1.2.2… 		2017-07-11 10:29
2001-12-31 		Show GitHub Exploit DB Packet Storm
974 -
5.1 		MEDIUM Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox… NVD-CWE-Other
CVE-2000-1099 cpe:2.3:a:sun:jdk:1.2.2:update5
cpe:2.3:a:sun:jdk:1.2.2:update4
cpe:2.3:a:sun:jdk:1.2.1:update3
cpe:2.3:a:sun:… 		1.2.1 2018-09-21 03:45
2001-01-9 		Show GitHub Exploit DB Packet Storm