VMware vCenter Chargeback Manager Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by multiple vulnerabilities.

Description :

The version of VMware vCenter Chargeback Manager installed on the
remote host is affected by a man-in-the-middle (MitM) information
disclosure vulnerability known as POODLE. The vulnerability is due to
the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few
as 256 tries if they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0 connections.
(CVE-2014-3566)

Additionally, unspecified vulnerabilities also exist in the following
bundled Java components :

- 2D (CVE-2014-6585, CVE-2014-6591)

- Deployment (CVE-2015-0403, CVE-2015-0406)

- Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
CVE-2015-0437)

- Installation (CVE-2015-0421)

- JAX-WS (CVE-2015-0412)

- JSSE (CVE-2014-6593)

- Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400)

- RMI (CVE-2015-0408)

- Security (CVE-2015-0410)

- Serviceability (CVE-2015-0413)

- Swing (CVE-2015-0407)

See also :

https://www.vmware.com/security/advisories/VMSA-2015-0003
http://seclists.org/fulldisclosure/2015/Apr/5
http://www.nessus.org/u?2fc26e85
http://www.nessus.org/u?09fca0e3
http://www.nessus.org/u?c02f1515
http://www.nessus.org/u?12e35b07
http://www.nessus.org/u?726f7054
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Apply the vendor patch referenced in :

- KB: 2112011 for vCenter Chargeback Manager 2.7
- KB: 2113178 for vCenter Chargeback Manager 2.6

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false