Detections
Analytics
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)
medium Nessus Plugin ID 80912
Language:
Synopsis
The remote host has a version of Oracle Secure Global Desktop that is affected by multiple vulnerabilities.Description
The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components :- Apache HTTP Server
- Client
- Gateway JARP module
- Gateway Reverse Proxy
- OpenSSL
- Print Servlet (only in 5.0 / 5.1)
- SGD SSL Daemon (ttassl)
- Web Server
Solution
Apply the appropriate patch according to the January 2015 Oracle Critical Patch Update advisory.See Also
http://www.nessus.org/u?75c6cafb
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Plugin Details
Severity: Medium
ID: 80912
File Name: oracle_secure_global_desktop_jan_2015_cpu.nasl
Version: 1.19
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 1/22/2015
Updated: 10/25/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2014-0226
Vulnerability Information
CPE: cpe:/a:oracle:virtualization_secure_global_desktop
Required KB Items: Host/Oracle_Secure_Global_Desktop/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/20/2015
Vulnerability Publication Date: 1/20/2015
Reference Information
CVE: CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-3566, CVE-2014-3567, CVE-2014-5704
BID: 68678, 68742, 68745, 70574, 70586
CERT: 577193