Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)

medium Nessus Plugin ID 72339

Synopsis

The remote host has a version of Oracle Secure Global Desktop that is affected by multiple vulnerabilities.

Description

The remote host has a version of Oracle Secure Global Desktop installed that is affected by multiple vulnerabilities:

- Specially crafted requests sent with chunked transfer encoding could allow a remote attacker to perform a 'limited' denial of service attack on the Tomcat server. (CVE-2012-3544)

- The Tomcat server is affected by a session fixation vulnerability in the FORM authenticator. (CVE-2013-2067)

- The Apache Tomcat AsyncListener method is affected by a cross-session information disclosure vulnerability when handling user requests. (CVE-2013-2071)

- The Administration Console and Workspace Web Applications subcomponent is affected by an unspecified, remote vulnerability. (CVE-2014-0419)

Solution

Apply the appropriate patch according to the January 2014 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?17c46362

http://www.nessus.org/u?32433158

Plugin Details

Severity: Medium

ID: 72339

File Name: oracle_secure_global_desktop_jan_2014_cpu.nasl

Version: 1.16

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 2/5/2014

Updated: 10/25/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:oracle:virtualization_secure_global_desktop

Required KB Items: Host/Oracle_Secure_Global_Desktop/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/20/2013

Vulnerability Publication Date: 12/20/2013

Reference Information

CVE: CVE-2012-3544, CVE-2013-2067, CVE-2013-2071, CVE-2014-0419

BID: 59797, 59798, 59799, 64902