Vulnerabilities > CVE-2014-3604 - Cryptographic Issues vulnerability in NOT YET Commons SSL Project NOT YET Commons SSL 0.3.14
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-141.NASL description Updated not-yet-commons-ssl packages fixes security vulnerability : It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject last seen 2020-06-01 modified 2020-06-02 plugin id 82394 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82394 title Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:141. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(82394); script_version("1.3"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_xref(name:"MDVSA", value:"2015:141"); script_name(english:"Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated not-yet-commons-ssl packages fixes security vulnerability : It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack, where the attacker can spoof a valid certificate using a specially crafted subject (CVE-2014-3604)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0551.html" ); script_set_attribute( attribute:"solution", value: "Update the affected not-yet-commons-ssl and / or not-yet-commons-ssl-javadoc packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:not-yet-commons-ssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:not-yet-commons-ssl-javadoc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", reference:"not-yet-commons-ssl-0.3.15-1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", reference:"not-yet-commons-ssl-javadoc-0.3.15-1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2014-10746.NASL description Fix jar path in install. Update to upstream 0.3.15. Fixes CVE-2014-3604 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-26 plugin id 77870 published 2014-09-26 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77870 title Fedora 19 : not-yet-commons-ssl-0.3.15-2.fc19 (2014-10746) NASL family Fedora Local Security Checks NASL id FEDORA_2014-10691.NASL description Fix jar path in install. Update to upstream 0.3.15. Fixes CVE-2014-3604. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-23 plugin id 77793 published 2014-09-23 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77793 title Fedora 21 : not-yet-commons-ssl-0.3.15-2.fc21 (2014-10691) NASL family Fedora Local Security Checks NASL id FEDORA_2014-10729.NASL description Fix jar path in install. Update to upstream 0.3.15. Fixes CVE-2014-3604 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-26 plugin id 77869 published 2014-09-26 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77869 title Fedora 20 : not-yet-commons-ssl-0.3.15-2.fc20 (2014-10729)
Redhat
| advisories |
|
References
- http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1131803
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97659
- https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml