Detections
Analytics
Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
medium Nessus Plugin ID 80890
Language:
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.Description
The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities in the following components :- Hotspot
- JSSE
- Security
Note that CVE-2014-3566 is an error related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.
Solution
Upgrade to version R27.8.5 / R28.3.5 or later as referenced in the January 2015 Oracle Critical Patch Update advisory.See Also
http://www.nessus.org/u?75c6cafb
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Plugin Details
Severity: Medium
ID: 80890
File Name: oracle_jrockit_cpu_jan_2015.nasl
Version: 1.10
Type: local
Agent: windows
Family: Windows
Published: 1/21/2015
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.2
Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C
Vulnerability Information
CPE: cpe:/a:oracle:jrockit
Required KB Items: installed_sw/Oracle JRockit
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/20/2015
Vulnerability Publication Date: 1/20/2015
Reference Information
CVE: CVE-2014-3566, CVE-2014-6593, CVE-2015-0383, CVE-2015-0410
BID: 70574, 72155, 72165, 72169
CERT: 577193