Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
Medium Nessus Plugin ID 80890
Synopsis
The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.
Description
The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities in the following components:
Note that CVE-2014-3566 is an error in the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a ciphertext in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.
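Added example (not part of the Nessus plugin or Oracle's advisory): a sketch of the padding rule behind CVE-2014-3566, comparing the receiver-side check that SSL 3.0 permits with the one TLS defines. The 16-byte block size, the function names and the sample record are assumptions constructed for illustration.

```python
BLOCK = 16  # cipher block size in bytes (AES-CBC assumed for this sketch)


def ssl3_padding_ok(plaintext: bytes, block: int = BLOCK) -> bool:
    """SSL 3.0 rule: only the final padding_length byte is defined.

    The padding bytes before it may hold anything, so a receiver has
    nothing to compare them against.
    """
    if not plaintext or len(plaintext) % block:
        return False
    pad_len = plaintext[-1]
    return pad_len < block and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes, block: int = BLOCK) -> bool:
    """TLS rule: every padding byte must equal padding_length."""
    if not plaintext or len(plaintext) % block:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    return all(b == pad_len for b in plaintext[-(pad_len + 1):])


def build_record(body: bytes, block: int = BLOCK) -> bytes:
    """Pad body (data + MAC) TLS-style, which is also valid SSL 3.0 padding."""
    pad_len = block - 1 - (len(body) % block)
    return body + bytes([pad_len]) * (pad_len + 1)


def corrupt_padding(record: bytes) -> bytes:
    """Flip bits in the first padding byte, leaving padding_length intact."""
    pad_len = record[-1]
    if pad_len == 0:
        raise ValueError("no padding bytes besides padding_length")
    i = len(record) - 1 - pad_len
    return record[:i] + bytes([record[i] ^ 0xFF]) + record[i + 1:]


if __name__ == "__main__":
    # Constructed sample: 20 bytes of data followed by a 20-byte placeholder MAC.
    record = build_record(b"constructed-payload!" + b"\x00" * 20)
    damaged = corrupt_padding(record)
    for name, rec in (("intact", record), ("damaged padding", damaged)):
        print(f"{name:16} ssl3={ssl3_padding_ok(rec)} tls={tls_padding_ok(rec)}")
```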
Solution
Upgrade to version R27.8.5 / R28.3.5 or later as referenced in the January 2015 Oracle Critical Patch Update advisory.