Vulnerabilities > CVE-2014-3603 - Improper Validation of Certificate with Host Mismatch vulnerability in Shibboleth Identity Provider and Opensaml Java
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
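The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. In other words, the certificate chain can validate while the name check is skipped, so a certificate issued to any other host is accepted; HTTPS alone therefore does not authenticate the server these resource classes fetch from.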
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks
NASL id FEDORA_2015-10235.NASL
description - OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2015-08-10
plugin id 85283
published 2015-08-10
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/85283
title Fedora 22 : opensaml-java-2.5.3-9.fc22 / opensaml-java-openws-1.5.5-2.fc22 (2015-10235)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-10235.
#
# Reviewer summary: local check (plugin_type "local") for CVE-2014-3603
# on Fedora 22. It works only from knowledge-base items collected from
# the host (release string, CPU, RPM list) and reports when rpm_check()
# flags either of the two package builds named below. It does not open
# a TLS connection or exercise hostname verification, so a clean result
# covers only these two RPM packages.
# NOTE(review): OpenSAML copies that were not installed from these RPMs
# (for example jars bundled inside a deployed application) are not
# examined by anything visible here; inventory those separately.

include("compat.inc");

# Registration pass: when `description` is set the script only declares
# its metadata and exits before any host data is read.
if (description)
{
  script_id(85283);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-3603");
  script_xref(name:"FEDORA", value:"2015-10235");

  script_name(english:"Fedora 22 : opensaml-java-2.5.3-9.fc22 / opensaml-java-openws-1.5.5-2.fc22 (2015-10235)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1131823"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163153.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?102294ef"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163154.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d030ce3c"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected opensaml-java and / or opensaml-java-openws packages."
  );
  # Both vectors describe an integrity-only impact reachable over the
  # network without authentication (C:N, A:N; I:P in v2, I:H in v3).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensaml-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensaml-java-openws");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
  # NOTE(review): 2019/04/04 is later than the patch date (2015/06/20)
  # and the plugin date (2015/08/10) set just below, and later than the
  # 2014 CVE id. It may be a database publication date rather than the
  # disclosure date; confirm before using it to compute exposure windows.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The line break inside the string below is as it appears in this listing.
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Declares the script dependency and the knowledge-base keys this
  # plugin needs; presumably ssh_get_info.nasl is what fills those keys
  # during a credentialed scan - confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown here); it is presumed to
# record the reason and stop the plugin - confirm in that include.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Fedora hosts are in scope: `>!<` is NASL's "is not a substring
# of" operator, so a release string without "Fedora" is audited out.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Capture group 1 is the numeric release; the anchored pattern below
# accepts 22 only when it is not followed by another digit.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

# Without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 are handled; any other architecture is
# audited as "not implemented", i.e. not assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it returns
# true when the installed package is older than `reference` - confirm.
# `flag` counts how many of the two packages were flagged.
flag = 0;
if (rpm_check(release:"FC22", reference:"opensaml-java-2.5.3-9.fc22")) flag++;
if (rpm_check(release:"FC22", reference:"opensaml-java-openws-1.5.5-2.fc22")) flag++;

if (flag)
{
  # At least one package was flagged: raise a warning, attaching the
  # rpm report text when report verbosity is above zero.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing flagged: audit as "not affected" when pkg_tests_get()
  # returns a value, otherwise as "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensaml-java / opensaml-java-openws");
}
NASL family Fedora Local Security Checks
NASL id FEDORA_2015-10175.NASL
description - OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2015-08-10
plugin id 85282
published 2015-08-10
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/85282
title Fedora 21 : opensaml-java-2.5.3-9.fc21 / opensaml-java-openws-1.5.5-2.fc21 (2015-10175)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-10175.
#
# Reviewer summary: local check (plugin_type "local") for CVE-2014-3603
# on Fedora 21. It works only from knowledge-base items collected from
# the host (release string, CPU, RPM list) and reports when rpm_check()
# flags either of the two package builds named below. It does not open
# a TLS connection or exercise hostname verification, so a clean result
# covers only these two RPM packages.
# NOTE(review): OpenSAML copies that were not installed from these RPMs
# (for example jars bundled inside a deployed application) are not
# examined by anything visible here; inventory those separately.

include("compat.inc");

# Registration pass: when `description` is set the script only declares
# its metadata and exits before any host data is read.
if (description)
{
  script_id(85282);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-3603");
  script_xref(name:"FEDORA", value:"2015-10175");

  script_name(english:"Fedora 21 : opensaml-java-2.5.3-9.fc21 / opensaml-java-openws-1.5.5-2.fc21 (2015-10175)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1131823"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163146.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?988f0739"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163147.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3b01f281"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected opensaml-java and / or opensaml-java-openws packages."
  );
  # Both vectors describe an integrity-only impact reachable over the
  # network without authentication (C:N, A:N; I:P in v2, I:H in v3).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensaml-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:opensaml-java-openws");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
  # NOTE(review): 2019/04/04 is later than the patch date (2015/06/20)
  # and the plugin date (2015/08/10) set just below, and later than the
  # 2014 CVE id. It may be a database publication date rather than the
  # disclosure date; confirm before using it to compute exposure windows.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The line break inside the string below is as it appears in this listing.
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Declares the script dependency and the knowledge-base keys this
  # plugin needs; presumably ssh_get_info.nasl is what fills those keys
  # during a credentialed scan - confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown here); it is presumed to
# record the reason and stop the plugin - confirm in that include.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Fedora hosts are in scope: `>!<` is NASL's "is not a substring
# of" operator, so a release string without "Fedora" is audited out.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Capture group 1 is the numeric release; the anchored pattern below
# accepts 21 only when it is not followed by another digit.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

# Without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 are handled; any other architecture is
# audited as "not implemented", i.e. not assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it returns
# true when the installed package is older than `reference` - confirm.
# `flag` counts how many of the two packages were flagged.
flag = 0;
if (rpm_check(release:"FC21", reference:"opensaml-java-2.5.3-9.fc21")) flag++;
if (rpm_check(release:"FC21", reference:"opensaml-java-openws-1.5.5-2.fc21")) flag++;

if (flag)
{
  # At least one package was flagged: raise a warning, attaching the
  # rpm report text when report verbosity is above zero.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing flagged: audit as "not affected" when pkg_tests_get()
  # returns a value, otherwise as "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensaml-java / opensaml-java-openws");
}
References
- http://secunia.com/advisories/60816
- http://secunia.com/advisories/60816
- http://shibboleth.net/community/advisories/secadv_20140813.txt
- http://shibboleth.net/community/advisories/secadv_20140813.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1131823
- https://bugzilla.redhat.com/show_bug.cgi?id=1131823