This script is Copyright (C) 2015 Tenable Network Security, Inc.
A programming platform installed on the remote Windows host is
affected by multiple vulnerabilities.
The version of Oracle JRockit installed on the remote Windows host is
R28 prior to R28.3.7. It is, therefore, affected by multiple
- An unspecified flaw exists in the JCE component that
allows a remote attacker to gain access to sensitive
- An unspecified flaw exists in the JSSE component when
handling the SSL/TLS protocol. A remote attacker can
exploit this to gain access to sensitive information.
- A security feature bypass vulnerability exists, known as
Bar Mitzvah, due to improper combination of state data
with key data by the RC4 cipher algorithm during the
initialization phase. A man-in-the-middle attacker can
exploit this, via a brute-force attack using LSB values,
to decrypt the traffic. (CVE-2015-2808)
- A man-in-the-middle vulnerability, known as Logjam,
exists due to a flaw in the SSL/TLS protocol. A remote
attacker can exploit this flaw to downgrade connections
using ephemeral Diffie-Hellman key exchange to 512-bit
export-grade cryptography. (CVE-2015-4000)
- An unspecified flaw exists in the Security component
when handling the Online Certificate Status Protocol
(OCSP). A remote attacker can exploit this to execute
arbitrary code. (CVE-2015-4748)
- An unspecified flaw exists in the JNDI component that
allows a remote attacker to cause a denial of service.
Solution :
Upgrade to Oracle JRockit version R28.3.7 or later as referenced in
the July 2015 Oracle Critical Patch Update advisory.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : false
Nessus Plugin ID: 84808