Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)

Medium Nessus Plugin ID 80890


The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.


The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities in the following components:

- Hotspot
- Security

Note that CVE-2014-3566 is an error related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of ciphertext in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.


Upgrade to version R27.8.5 / R28.3.5 or later as referenced in the January 2015 Oracle Critical Patch Update advisory.

Plugin Details

Severity: Medium

ID: 80890

File Name: oracle_jrockit_cpu_jan_2015.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Family: Windows

Published: 2015/01/21

Modified: 2016/05/24

Dependencies: 69304

Risk Information

Risk Factor: Medium


Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jrockit

Required KB Items: installed_sw/Oracle JRockit

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/01/20

Vulnerability Publication Date: 2015/01/20

Reference Information

CVE: CVE-2014-3566, CVE-2014-6593, CVE-2015-0383, CVE-2015-0410

BID: 70574, 72155, 72165, 72169

OSVDB: 113251, 117236, 117238, 117241

CERT: 577193