Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description :

The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities that could allow a remote user to affect the
confidentiality of the system via :

- A design flaw in the RSA 'blinding' security component
  of the 'RSACore' class. By performing operations
  requiring the use of private keys and measuring timing
  differences, an attacker may be able to disclose
  information about the keys used. (CVE-2014-4244)

- A design flaw in the 'validateDHPublicKey' function of
  the 'KeyUtil' class. A remote attacker may be able to
  recover a key. (CVE-2014-4263)

See also :

http://www.nessus.org/u?7de2f8eb

Solution :

Upgrade to version R27.8.3.9 / R28.3.3.10 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 76883

Bugtraq ID: 68624, 68636

CVE ID: CVE-2014-4244, CVE-2014-4263
