Oracle JRockit R27 < R188.8.131.52 / R28 < R184.108.40.206 Multiple Vulnerabilities (July 2014 CPU)
Medium Nessus Plugin ID 76883
SynopsisThe remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote user to affect the confidentiality of the system via :
- A design flaw in the RSA 'blinding' security component of the 'RASCore' class. By performing operations requiring the use of private keys and measuring timing differences, an attacker may be able to disclose information about the keys used.
- A design flaw in the 'validateDHPublicKey' function of the 'KeyUtil' class. A remote attacker may be able to recover a key. (CVE-2014-4263).
SolutionUpgrade to version R220.127.116.11 / R18.104.22.168 or later.