Vulnerabilities > CVE-2014-0848 - Cryptographic Issues vulnerability in IBM Netezza Performance Portal
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:66189 CVE ID:CVE-2014-0848 IBM Netezza数据仓库应用设备将存储、处理、数据库和分析融入到一个高性能数据仓库设备中,使大数据高级分析更简单、更迅捷和更易用。 IBM Netezza Performance Portal所使用的Apache WEB服务器默认配置使用低强度的SSL加密,允许攻击者利用漏洞比较容易的进行破解攻击。 0 IBM Netezza Performance Portal 2.0 IBM Netezza Performance Portal 2.0.0.4已经修复该漏洞,建议用户下载更新: http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information+Management&product=ibm/Information+Management/Netezza+Applications&release=PERFPORTAL_2.0&platform=All&function=fixId&fixids=2.0.0.4-IM-Netezza-PERFPORTAL-fp79189 |
| id | SSV:61835 |
| last seen | 2017-11-19 |
| modified | 2014-03-18 |
| published | 2014-03-18 |
| reporter | Root |
| title | IBM Netezza Performance Portal安全绕过漏洞 |