Oracle JRockit R28.3.5 Multiple Vulnerabilities (April 2015 CPU) (FREAK)

Medium Nessus Plugin ID 82830


The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.


The remote Windows host has a version of Oracle JRockit installed that is affected by multiple vulnerabilities :

- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)

- A flaw exists in the Java Cryptography Extension (JCE) subcomponent due to an implementation error in the RSA signature. A remote attacker can exploit this flaw to disclose sensitive information. (CVE-2015-0478)

- A flaw exists in the JSSE subcomponent due to improper parsing of X.509 certificate options. A remote attacker can exploit this flaw to trigger an application termination, resulting in a denial of service.


Upgrade to Oracle JRockit version R28.3.6 or later as referenced in the April 2015 Oracle Critical Patch Update advisory.

See Also

Plugin Details

Severity: Medium

ID: 82830

File Name: oracle_jrockit_cpu_apr_2015.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 2015/04/16

Updated: 2019/11/22

Dependencies: 69304

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2015-0478

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jrockit

Required KB Items: installed_sw/Oracle JRockit

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/04/14

Vulnerability Publication Date: 2015/01/06

Reference Information

CVE: CVE-2015-0204, CVE-2015-0478, CVE-2015-0488

BID: 71936, 74147

CERT: 243585