Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description :

The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities in the following components :

- Hotspot
- Security

Note that CVE-2014-3566 is an error related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using block ciphers
in cipher block chaining (CBC) mode. A man-in-the-middle attacker can
decrypt a selected byte of ciphertext in as few as 256 tries if
they are able to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This is also known
as the 'POODLE' issue.

Solution :

Upgrade to version R27.8.5 / R28.3.5 or later as referenced in the
January 2015 Oracle Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.4
CVSS Temporal Score : 4.7
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 80890

Bugtraq ID: 70574

CVE ID: CVE-2014-3566
