Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)
Medium Nessus Plugin ID 124171
SynopsisAn application server installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
SolutionApply the appropriate patch according to the April 2019 Oracle Critical Patch Update advisory.