This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote AIX host has a version of Java SDK installed that is
affected by multiple TLS security downgrades.
The version of Java SDK installed on the remote host is affected by
multiple vulnerabilities:
- A man-in-the-middle information disclosure vulnerability
  exists due to a TLS security downgrade flaw. A
  man-in-the-middle attacker may be able to downgrade the
  SSL/TLS connection to use EXPORT_RSA cipher suites, whose
  keys can be factored in a short amount of time, allowing
  the attacker to intercept and decrypt the traffic.
- A flaw exists in the RC4 algorithm implementation due to
  improper combination of state data with key data during
  the initialization phase. A man-in-the-middle attacker
  can exploit this to conduct plaintext-recovery attacks.
See also :
Fixes are available by version and can be downloaded from the IBM AIX
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false