This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host has a version of Oracle Secure Global Desktop that is
affected by multiple vulnerabilities.
The remote host has a version of Oracle Secure Global Desktop
installed that is affected by multiple vulnerabilities :
- Specially crafted requests sent with chunked transfer
encoding could allow a remote attacker to perform a
'limited' denial of service attack on the Tomcat server.
- The Tomcat server is affected by a session fixation
vulnerability in the FORM authenticator. (CVE-2013-2067)
- The Apache Tomcat AsyncListener method is affected by a
cross-session information disclosure vulnerability when
handling user requests. (CVE-2013-2071)
- The Administration Console and Workspace Web
Applications subcomponent is affected by an unspecified,
remote vulnerability. (CVE-2014-0419)
See also :
Apply the appropriate patch according to the the January 2014 Oracle
Critical Patch Update advisory.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true