This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote OracleVM host is missing a security update.
The remote OracleVM system is missing necessary patches to address
critical security updates :
- fix CVE-2014-3570 - incorrect computation in BN_sqr
- fix CVE-2014-3571 - possible crash in dtls1_get_record
- fix CVE-2014-3572 - possible downgrade of ECDH
ciphersuite to non-PFS state
- fix CVE-2014-8275 - various certificate fingerprint
- fix CVE-2015-0204 - remove support for RSA ephemeral
keys for non-export ciphersuites and on server
- fix CVE-2015-0205 - do not allow unauthenticated client
- fix CVE-2015-0206 - possible memory leak when buffering
- use FIPS approved method for computation of d in RSA
See also :
Update the affected openssl package.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: OracleVM Local Security Checks
Nessus Plugin ID: 80929 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now