Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description :

The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities in the following components :

- Hotspot
- JSSE
- Security

Note that CVE-2014-3566 is an error related to the way SSL 3.0 handles
padding bytes when decrypting messages encrypted using block ciphers
in cipher block chaining (CBC) mode. A man-in-the-middle attacker can
decrypt a selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections. This is also known
as the 'POODLE' issue.

See also :

http://www.nessus.org/u?c02f1515
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to version R27.8.5 / R28.3.5 or later as referenced in the
January 2015 Oracle Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C)
CVSS Temporal Score : 4.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 80890

Bugtraq ID: 70574, 72155, 72165, 72169

CVE ID: CVE-2014-3566, CVE-2014-6593, CVE-2015-0383, CVE-2015-0410
