ID CVE-2014-0419
Summary Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications.
References
Vulnerable Configurations
  • Oracle Virtualization Secure Global Desktop (SGD) 4.63
    cpe:2.3:a:oracle:virtualization_secure_global_desktop:4.63
  • Oracle Virtualization Secure Global Desktop (SGD) 4.71
    cpe:2.3:a:oracle:virtualization_secure_global_desktop:4.71
  • Oracle Virtualization Secure Global Desktop (SGD) 5.0
    cpe:2.3:a:oracle:virtualization_secure_global_desktop:5.0
  • Oracle Virtualization Secure Global Desktop (SGD) 5.10
    cpe:2.3:a:oracle:virtualization_secure_global_desktop:5.10
CVSS
Base: 5.1 (as of 16-01-2014 - 15:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Misc.
NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2014_CPU.NASL
description The remote host has a version of Oracle Secure Global Desktop installed that is affected by multiple vulnerabilities : - Specially crafted requests sent with chunked transfer encoding could allow a remote attacker to perform a 'limited' denial of service attack on the Tomcat server. (CVE-2012-3544) - The Tomcat server is affected by a session fixation vulnerability in the FORM authenticator. (CVE-2013-2067) - The Apache Tomcat AsyncListener method is affected by a cross-session information disclosure vulnerability when handling user requests. (CVE-2013-2071) - The Administration Console and Workspace Web Applications subcomponent is affected by an unspecified, remote vulnerability. (CVE-2014-0419)
last seen 2019-02-21
modified 2018-11-15
plugin id 72339
published 2014-02-05
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=72339
title Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)
refmap via4
bid
  • 64758
  • 64902
confirm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
osvdb 102110
sectrack 1029610
xf oracle-cpujan2014-cve20140419(90367)
Last major update 06-02-2014 - 23:51
Published 15-01-2014 - 11:08
Last modified 28-08-2017 - 21:34
Back to Top