Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a version of Oracle Secure Global Desktop that is
affected by multiple vulnerabilities.

Description :

The remote host has a version of Oracle Secure Global Desktop that is
version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple
vulnerabilities in the following components :

- Apache HTTP Server
- Client
- Gateway JARP module
- Gateway Reverse Proxy
- OpenSSL
- Print Servlet (only in 5.0 / 5.1)
- SGD SSL Daemon (ttassl)
- Web Server

See also :

http://www.nessus.org/u?c02f1515
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Apply the appropriate patch according to the January 2015 Oracle
Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now