IBM Global Security Kit 7 < / 8.0.14.x < / 8.0.50.x < Multiple Vulnerabilities

High Nessus Plugin ID 74287


The remote Windows host has a library installed that is affected by multiple vulnerabilities.


The remote Windows host has a version of IBM Global Security Kit prior to / / It is, therefore, affected by the following vulnerabilities :

- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)

- A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive.


Apply GSKit / / or later or apply the appropriate patch referenced in the advisory.

See Also

Plugin Details

Severity: High

ID: 74287

File Name: ibm_gskit_8_0_50_20.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2014/06/03

Modified: 2015/01/13

Dependencies: 67230

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:global_security_kit

Required KB Items: installed_sw/IBM GSKit, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/01

Vulnerability Publication Date: 2014/02/24

Reference Information

CVE: CVE-2014-0076, CVE-2014-0963

BID: 66363, 67238

OSVDB: 104810, 106786