Oracle Secure Global Desktop Multiple Vulnerabilities (January 2016 CPU) (Logjam)
medium Nessus Plugin ID 88049
Language:
Synopsis
The application installed on the remote host is affected by multiple vulnerabilities.Description
The version of Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.2 and is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :- A flaw exists in the bundled version of Apache HTTP Server in the chunked transfer coding implementation due to a failure to properly parse chunk headers. A remote attacker can exploit this to conduct HTTP request smuggling attacks. (CVE-2015-3183)
- A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)
- An unspecified flaw exists in the SGD Core subcomponent that allows a remote attacker to cause a denial of service condition. (CVE-2016-0501)
Solution
Apply the appropriate patch according to the July 2016 Oracle Critical Patch Update advisory.See Also
Plugin Details
Severity: Medium
ID: 88049
File Name: oracle_secure_global_desktop_jan_2016_cpu.nasl
Version: 1.9
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 1/21/2016
Updated: 10/25/2021
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Medium
Score: 4.5
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Temporal Vector: E:U/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/a:oracle:virtualization_secure_global_desktop
Required KB Items: Host/Oracle_Secure_Global_Desktop/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 1/19/2016
Vulnerability Publication Date: 5/20/2015