Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)

Medium Nessus Plugin ID 72339

Synopsis

The remote host has a version of Oracle Secure Global Desktop that is affected by multiple vulnerabilities.

Description

The remote host has a version of Oracle Secure Global Desktop installed that is affected by multiple vulnerabilities:

- Specially crafted requests sent with chunked transfer encoding could allow a remote attacker to perform a 'limited' denial of service attack on the Tomcat server. (CVE-2012-3544)

- The Tomcat server is affected by a session fixation vulnerability in the FORM authenticator. (CVE-2013-2067)

- The Apache Tomcat AsyncListener method is affected by a cross-session information disclosure vulnerability when handling user requests. (CVE-2013-2071)

- The Administration Console and Workspace Web Applications subcomponent is affected by an unspecified, remote vulnerability. (CVE-2014-0419)

Solution

Apply the appropriate patch according to the January 2014 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?17c46362

http://www.nessus.org/u?32433158

Plugin Details

Severity: Medium

ID: 72339

File Name: oracle_secure_global_desktop_jan_2014_cpu.nasl

Version: 1.15

Type: local

Family: Misc.

Published: 2014/02/05

Updated: 2018/11/15

Dependencies: 70729

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:virtualization_secure_global_desktop

Required KB Items: Host/Oracle_Secure_Global_Desktop/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/12/20

Vulnerability Publication Date: 2013/12/20

Reference Information

CVE: CVE-2012-3544, CVE-2013-2067, CVE-2013-2071, CVE-2014-0419

BID: 59797, 59798, 59799, 64902