Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)

medium Nessus Plugin ID 80890


The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.


The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities in the following components :

- Hotspot
- Security

Note that CVE-2014-3566 is an error related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.


Upgrade to version R27.8.5 / R28.3.5 or later as referenced in the January 2015 Oracle Critical Patch Update advisory.

See Also

Plugin Details

Severity: Medium

ID: 80890

File Name: oracle_jrockit_cpu_jan_2015.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 1/21/2015

Updated: 11/15/2018

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Medium

Score: 5.4


Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.2

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jrockit

Required KB Items: installed_sw/Oracle JRockit

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/20/2015

Vulnerability Publication Date: 1/20/2015

Reference Information

CVE: CVE-2014-3566, CVE-2014-6593, CVE-2015-0383, CVE-2015-0410

BID: 70574, 72155, 72165, 72169

CERT: 577193