Vulnerabilities > CVE-2019-14823 - Improperly Implemented Security Check for Standard vulnerability in multiple products

047910
CVSS 7.4 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
jss-cryptomanager-project
redhat
CWE-358
nessus

Summary

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3067.NASL
    descriptionAn update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. Security Fix(es) : * JSS: OCSP policy
    last seen2020-06-01
    modified2020-06-02
    plugin id129959
    published2019-10-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129959
    titleRHEL 7 : jss (RHSA-2019:3067)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3067. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129959);
      script_version("1.5");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2019-14823");
      script_xref(name:"RHSA", value:"2019:3067");
    
      script_name(english:"RHEL 7 : jss (RHSA-2019:3067)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for jss is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Java Security Services (JSS) provides an interface between Java
    Virtual Machine and Network Security Services (NSS). It supports most
    of the security standards and encryption technologies supported by NSS
    including communication through SSL/TLS network protocols. JSS is
    primarily utilized by the Certificate Server as a part of the Identity
    Management System.
    
    Security Fix(es) :
    
    * JSS: OCSP policy 'Leaf and Chain' implicitly trusts the root
    certificate (CVE-2019-14823)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:3067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14823"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected jss, jss-debuginfo and / or jss-javadoc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jss-javadoc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:3067";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"jss-4.4.6-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jss-4.4.6-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"jss-debuginfo-4.4.6-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jss-debuginfo-4.4.6-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"jss-javadoc-4.4.6-3.el7_7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jss-javadoc-4.4.6-3.el7_7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jss / jss-debuginfo / jss-javadoc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-68C2FBCF82.NASL
    descriptionSecurity fix for CVE-2019-14823 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130302
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130302
    titleFedora 30 : jss (2019-68c2fbcf82)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-24A0A2F24E.NASL
    descriptionSecurity fix for CVE-2019-14823 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130294
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130294
    titleFedora 31 : jss (2019-24a0a2f24e)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-3067.NASL
    descriptionAn update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. Security Fix(es) : * JSS: OCSP policy
    last seen2020-06-01
    modified2020-06-02
    plugin id130129
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130129
    titleCentOS 7 : jss (CESA-2019:3067)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3067.NASL
    descriptionFrom Red Hat Security Advisory 2019:3067 : An update for jss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. Security Fix(es) : * JSS: OCSP policy
    last seen2020-06-01
    modified2020-06-02
    plugin id129987
    published2019-10-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129987
    titleOracle Linux 7 : jss (ELSA-2019-3067)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0219_JSS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS
    last seen2020-06-01
    modified2020-06-02
    plugin id131406
    published2019-12-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131406
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : jss Vulnerability (NS-SA-2019-0219)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191016_JSS_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - JSS: OCSP policy
    last seen2020-03-18
    modified2019-10-17
    plugin id129997
    published2019-10-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129997
    titleScientific Linux Security Update : jss on SL7.x x86_64 (20191016)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0240_JSS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has jss packages installed that are affected by a vulnerability: - A flaw was found in the Leaf and Chain OCSP policy implementation in JSS
    last seen2020-06-01
    modified2020-06-02
    plugin id132487
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132487
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : jss Vulnerability (NS-SA-2019-0240)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-4D33C62860.NASL
    descriptionSecurity fix for CVE-2019-14823 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130299
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130299
    titleFedora 29 : jss (2019-4d33c62860)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3225.NASL
    descriptionAn update for jss is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. Security Fix(es) : * JSS: OCSP policy
    last seen2020-04-23
    modified2019-10-30
    plugin id130378
    published2019-10-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130378
    titleRHEL 7 : jss (RHSA-2019:3225)

Redhat

advisories
  • bugzilla
    id1747435
    title implicitly trusts the root certificate
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjss-javadoc is earlier than 0:4.4.6-3.el7_7
            ovaloval:com.redhat.rhsa:tst:20193067001
          • commentjss-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193067002
        • AND
          • commentjss is earlier than 0:4.4.6-3.el7_7
            ovaloval:com.redhat.rhsa:tst:20193067003
          • commentjss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193067004
    rhsa
    idRHSA-2019:3067
    released2019-10-16
    severityImportant
    titleRHSA-2019:3067: jss security update (Important)
  • rhsa
    idRHSA-2019:3225
rpms
  • jss-0:4.4.6-3.el7_7
  • jss-debuginfo-0:4.4.6-3.el7_7
  • jss-javadoc-0:4.4.6-3.el7_7
  • jss-0:4.4.4-6.el7_6
  • jss-debuginfo-0:4.4.4-6.el7_6
  • jss-javadoc-0:4.4.4-6.el7_6