Available Exploits 

• HTTP SSL/TLS Version Detection (POODLE scanner)
• Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

Description

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

References

• AMAZON-ALAS-2015-480
• APPLE-APPLE-SA-2014-10-16-1
• APPLE-APPLE-SA-2014-10-16-3
• APPLE-APPLE-SA-2014-10-16-4
• APPLE-APPLE-SA-2014-10-20-1
• APPLE-APPLE-SA-2014-10-20-2
• APPLE-APPLE-SA-2015-01-27-4
• APPLE-APPLE-SA-2015-09-16-2
• BID-70574
• BID-72155
• BID-72168
• BID-72169
• BID-72173
• BID-72175
• CERT-TA14-290A
• CERT-VN-577193
• CVE-2014-3566
• CVE-2014-6585
• CVE-2014-6587
• CVE-2014-6591
• CVE-2014-6593
• CVE-2014-6601
• CVE-2015-0383
• CVE-2015-0395
• CVE-2015-0407
• CVE-2015-0408
• CVE-2015-0410
• CVE-2015-0412
• DEBIAN-DSA-3053
• DEBIAN-DSA-3144
• DEBIAN-DSA-3147
• DEBIAN-DSA-3253
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0058513
• DISA_VMSKEY-V0058515
• DISA_VMSKEY-V0058517
• DISA_VMSKEY-V0061081
• IAVM-2015-A-0154
• IAVM-2015-B-0012
• IAVM-2015-B-0013
• IAVM-2015-B-0014
• NETBSD-NetBSD-SA2014-015
• REDHAT-RHSA-2014:1652
• REDHAT-RHSA-2014:1653
• REDHAT-RHSA-2014:1692
• REDHAT-RHSA-2014:1876
• REDHAT-RHSA-2014:1877
• REDHAT-RHSA-2014:1880
• REDHAT-RHSA-2014:1881
• REDHAT-RHSA-2014:1882
• REDHAT-RHSA-2014:1920
• REDHAT-RHSA-2014:1948
• REDHAT-RHSA-2015:0068
• REDHAT-RHSA-2015:0079
• REDHAT-RHSA-2015:0080
• REDHAT-RHSA-2015:0085
• REDHAT-RHSA-2015:0086
• REDHAT-RHSA-2015:0136
• REDHAT-RHSA-2015:0264
• REDHAT-RHSA-2015:0698
• REDHAT-RHSA-2015:1545
• REDHAT-RHSA-2015:1546
• XF-100140
• XF-100142
• XF-100143
• XF-100148
• XF-100150
• XF-100151

Solution Reference

Solution

Related Vulnerabilities

• Gentoo Linux: CVE-2015-0412: IcedTea: Multiple vulnerabilities
• Palo Alto Networks PAN-SA-2014-0005 (CVE-2014-3566): SSL 3.0 MITM Attack
• HP-UX: CVE-2015-0408: JRE and JDK Vulnerability on HPUX
• SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
• OS X security update 2015-001 for AFP Server (CVE-2014-3566)
• Oracle Solaris 11: CVE-2014-3566: Vulnerability in Multiple Components
• Juniper Junos OS: 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (JSA10656) (CVE-2014-3566)
• IBM WebSphere Application Server: CVE-2014-3566: IBM Potential Security Vulnerabilities fixed in IBM WebSphere Application Server
• OS X update for OpenSSL (CVE-2014-3566)
• Cent OS: CVE-2014-6587: CESA-2015:0085 (java-1.6.0-openjdk)
• HP-UX: CVE-2014-6593: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
• RHSA-2015:0067: java-1.7.0-openjdk security update
• Amazon Linux AMI: Security patch for nss (ALAS-2014-429) (CVE-2014-3566)
• Java CPU January 2015 Java SE RMI vulnerability (CVE-2015-0408)
• SUSE: CVE-2014-6585: SUSE Linux Security Advisory
• HP-UX: CVE-2014-3566: Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
• ELSA-2014-1653 Moderate: Oracle Linux openssl security update
• Cisco IOS: CVE-2014-3566: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
• IBM AIX: java_feb2015_advisory (CVE-2014-6587): Vulnerability in IBM Java SDK affects AIX
• Gentoo Linux: CVE-2014-6591: IcedTea: Multiple vulnerabilities
• HP-UX: CVE-2015-0383: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
• Java CPU January 2015 Java SE, Java SE Embedded, JRockit Security vulnerability (CVE-2015-0410)
• ELSA-2015-0067 Critical: Oracle Linux java-1.7.0-openjdk security update
• Gentoo Linux: CVE-2014-6585: IcedTea: Multiple vulnerabilities
• IBM HTTP Server: CVE-2014-3566: IBM HTTP Server should disable weak SSL protocols and ciphers by default
• Gentoo Linux: CVE-2015-0383: IcedTea: Multiple vulnerabilities
• Gentoo Linux: CVE-2015-0395: IcedTea: Multiple vulnerabilities
• USN-2486-1: OpenJDK 6 vulnerabilities
• IBM AIX: java_feb2015_advisory (CVE-2014-6591): Vulnerability in IBM Java SDK affects AIX
• Cent OS: CVE-2015-0383: CESA-2015:0085 (java-1.6.0-openjdk)
• OpenSSL SSL 3.0 Fallback protection (CVE-2014-3566)
• Gentoo Linux: CVE-2014-6587: IcedTea: Multiple vulnerabilities
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
• Java CPU January 2015 Java SE Hotspot vulnerability (CVE-2014-6601)
• IBM WebSphere Application Server: CVE-2014-6593: IBM Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU
• RHSA-2014:1882: java-1.7.0-ibm security update
• SUSE: CVE-2015-0383: SUSE Linux Security Advisory
• RHSA-2015:0080: java-1.8.0-oracle security update
• ELSA-2015-0069 Important: Oracle Linux java-1.8.0-openjdk security update
• DSA-3147-1 openjdk-6 -- security update
• HP-UX: CVE-2014-6601: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
• Oracle Solaris 11: CVE-2014-6591: Vulnerability in Localization (L10N)
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
• HP Systems Insight Manager - HPSBMU03261 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
• Debian: CVE-2014-3566: lighttpd -- security update
• RHSA-2014:1881: java-1.5.0-ibm security update
• F5 Networks: K15702 (CVE-2014-3566): SSLv3 vulnerability CVE-2014-3566
• Sun Patch: Indexing and Search Service 1u5-29.15600: core patch
• Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2015-571) (multiple CVEs)
• IBM AIX: java_feb2015_advisory (CVE-2015-0407): Vulnerability in IBM Java SDK affects AIX
• Java CPU January 2015 Java SE Swing vulnerability (CVE-2015-0407)
• TLS/SSL Server Supports SSLv3
• Gentoo Linux: CVE-2015-0408: IcedTea: Multiple vulnerabilities
• RHSA-2015:0086: java-1.6.0-sun security update
• Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2015-472) (multiple CVEs)
• Sun Patch: SunOS 5.10: wanboot patch
• Gentoo Linux: CVE-2015-0407: IcedTea: Multiple vulnerabilities
• IBM AIX: java_feb2015_advisory (CVE-2014-6585): Vulnerability in IBM Java SDK affects AIX
• RHSA-2015:0263: Red Hat Satellite IBM Java Runtime security update
• DSA-3323-1 icu -- security update
• ELSA-2015-0085 Important: Oracle Linux java-1.6.0-openjdk security update
• Java CPU January 2015 Java SE, Java SE Embedded, JRockit JSSE vulnerability (CVE-2014-6593)
• RHSA-2015:0079: java-1.7.0-oracle security update
• Gentoo Linux: CVE-2014-6593: IcedTea: Multiple vulnerabilities
• HP-UX: CVE-2015-0410: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
• Cent OS: CVE-2014-3566: CESA-2015:0085 (java-1.6.0-openjdk)
• FreeBSD: davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (CVE-2014-3566)
• RHSA-2015:1545: node.js security update
• DSA-3144-1 openjdk-7 -- security update
• RHSA-2015:0068: java-1.7.0-openjdk security update
• IBM WebSphere Application Server: CVE-2015-0410: IBM Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU
• SUSE: CVE-2014-6593: SUSE Linux Security Advisory
• Sun Patch: SunOS 5.10_x86: openssl patch
• USN-2522-3: ICU vulnerabilities
• HP-UX: CVE-2015-0412: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
• ELSA-2015-0068 Important: Oracle Linux java-1.7.0-openjdk security update
• Gentoo Linux: CVE-2014-6601: IcedTea: Multiple vulnerabilities
• HP System Management Homepage - HPSBMU03260 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
• Java CPU January 2015 Java SE JAX-WS vulnerability (CVE-2015-0412)
• Cisco NX-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (Multiple CVEs)
• RHSA-2015:0085: java-1.6.0-openjdk security update
• IBM AIX: java_feb2015_advisory (CVE-2015-0410): Vulnerability in IBM Java SDK affects AIX
• Java CPU January 2015 Java SE Libraries vulnerability (CVE-2014-6587)
• FreeBSD: (Multiple Advisories) (CVE-2014-3566): lynx -- multiple vulnerabilities
• Cent OS: CVE-2014-6585: CESA-2015:0085 (java-1.6.0-openjdk)
• ELSA-2014-1652 Important: Oracle Linux openssl security update
• Sun Patch: VM Server for SPARC 3.1: ldmd patch
• Cisco SAN-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (CVE-2014-3566)
• HP-UX: CVE-2015-0407: JRE and JDK Vulnerability on HPUX
• IBM AIX: java_feb2015_advisory, java_oct2014_advisory, nettcp_advisory, openssl_advisory11 (CVE-2014-3566): Vulnerability in IBM Java SDK affects AIX
• RHSA-2014:1877: java-1.6.0-ibm security update
• RHSA-2014:1880: java-1.7.1-ibm security update
• SUSE: CVE-2014-6587: SUSE Linux Security Advisory
• Gentoo Linux: CVE-2015-0410: Oracle JRE/JDK: Multiple vulnerabilities
• Gentoo Linux: CVE-2014-3566: Asterisk: Multiple Vulnerabilities
• Jenkins Advisory 2014-10-15: CVE-2014-3566: Poodle vulnerability
• HP-UX: CVE-2015-0395: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
• USN-2522-1: ICU vulnerabilities
• Java CPU January 2015 Java SE, Java SE Embedded, JRockit JSSE vulnerability (CVE-2014-3566)
• Java CPU January 2015 Java SE 2D vulnerability (CVE-2014-6585)