AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)
Medium Nessus Plugin ID 83135
Synopsis
The remote AIX host has a version of Java SDK installed that is affected by multiple TLS security downgrades.
Description
The version of Java SDK installed on the remote host is affected by multiple vulnerabilities:
- A man-in-the-middle information disclosure vulnerability exists due to a TLS security downgrade flaw. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites, whose keys can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.
- A flaw exists in the RC4 algorithm implementation due to improper combination of state data with key data during the initialization phase. A man-in-the-middle attacker can exploit this to conduct plaintext-recovery attacks.
Solution
Fixes are available by version and can be downloaded from the IBM AIX website.