- CVEs with nessus.description==The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.9. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Security subcomponent due to a failure to reject MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages. A man-in-the-middle attacker, by triggering collisions, can exploit this issue to spoof servers. (CVE-2015-7575)
- A memory corruption issue exists in the AWT subcomponent when decoding JPEG files. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-0483)
- A collision-based forgery vulnerability, known as SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes), exists in the TLS protocol due to accepting RSA-MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange messages during a TLS handshake. A man-in-the-middle attacker can exploit this, via a transcript collision attack, to impersonate a TLS server. (CVE-2015-7575) (CVE-2016-0475)
- A denial of service vulnerability exists in the JAXP subcomponent during the handling of expanded general entities. A remote attacker can exploit this to bypass the 'totalEntitySizeLimit' restrictions and exhaust available memory. (CVE-2016-0466)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |