Synopsis
The remote host has a version of Oracle Secure Global Desktop that is affected by multiple vulnerabilities.

Description
The remote host has a version of Oracle Secure Global Desktop installed that is affected by multiple vulnerabilities:
- Specially crafted requests sent with chunked transfer encoding could allow a remote attacker to perform a 'limited' denial of service attack on the Tomcat server.
- The Tomcat server is affected by a session fixation vulnerability in the FORM authenticator. (CVE-2013-2067)
- The Apache Tomcat AsyncListener method is affected by a cross-session information disclosure vulnerability when handling user requests. (CVE-2013-2071)
- The Administration Console and Workspace Web Applications subcomponent is affected by an unspecified, remote vulnerability. (CVE-2014-0419)

Solution
Apply the appropriate patch according to the January 2014 Oracle Critical Patch Update advisory.