VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization management application installed
that is affected by multiple vulnerabilities.

Description :

The VMware vCenter Server installed on the remote host is version 5.0
prior to 5.0u3d, 5.1 prior to 5.1u3a, 5.5 prior to 5.5u2e, or 6.0
prior to 6.0.0a. It is, therefore, affected by a man-in-the-middle
(MitM) information disclosure vulnerability known as POODLE, related
to the bundled JRE component. The vulnerability is due to the way SSL
3.0 handles padding bytes when decrypting messages encrypted using
block ciphers in cipher block chaining (CBC) mode. MitM attackers can
decrypt a selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.

Additionally, multiple unspecified vulnerabilities also exist in the
following bundled JRE components :

- 2D (CVE-2014-6585, CVE-2014-6591)

- Deployment (CVE-2015-0403, CVE-2015-0406)

- Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
CVE-2015-0437)

- Installation (CVE-2015-0421)

- JAX-WS (CVE-2015-0412)

- JSSE (CVE-2014-6593)

- Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400)

- RMI (CVE-2015-0408)

- Security (CVE-2015-0410)

- Serviceability (CVE-2015-0413)

- Swing (CVE-2015-0407)

See also :

http://www.vmware.com/security/advisories/VMSA-2015-0003.html
http://seclists.org/fulldisclosure/2015/Apr/5
http://www.nessus.org/u?c02f1515
http://www.nessus.org/u?12e35b07
http://www.nessus.org/u?726f7054
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to VMware vCenter Server 5.0u3d (5.0.0 build-2656067) / 5.1u3a
(5.1.0 build-2669725) / 5.5u2e (5.5.0 build-2646482) / 6.0.0a (6.0.0
build-2656757) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false