Vulnerabilities > CVE-2019-1559 - Information Exposure Through Discrepancy vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0658-1.NASL description This update for nodejs4 fixes the following issues : Security issues fixed : CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122999 published 2019-03-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122999 title SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0658-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B71D71933C5411E9A3F900155D006B02.NASL description Node.js reports : Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have decided to withhold the fix for the Misinterpretation of Input (CWE-115) flaw mentioned in the original announcement. This flaw is very low severity and we are not satisfied that we had a complete and stable fix ready for release. We will be seeking to address this flaw via alternate mechanisms in the near future. In addition, we have introduced an additional CVE for a change in Node.js 6 that we have decided to classify as a Denial of Service (CWE-400) flaw. We recommend that all Node.js users upgrade to a version listed below as soon as possible. OpenSSL: 0-byte record padding oracle (CVE-2019-1559) OpenSSL 1.0.2r contains a fix for CVE-2019-1559 and is included in the releases for Node.js versions 6 and 8 only. Node.js 10 and 11 are not impacted by this vulnerability as they use newer versions of OpenSSL which do not contain the flaw. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data. Only TLS connections using certain ciphersuites executing under certain conditions are exploitable. We are currently unable to determine whether the use of OpenSSL in Node.js exposes this vulnerability. We are taking a cautionary approach and recommend the same for users. For more information, see the advisory and a detailed write-up by the reporters of the vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 122571 published 2019-03-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122571 title FreeBSD : Node.js -- multiple vulnerabilities (b71d7193-3c54-11e9-a3f9-00155d006b02) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2471.NASL description An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127877 published 2019-08-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127877 title RHEL 6 : openssl (RHSA-2019:2471) NASL family AIX Local Security Checks NASL id AIX_OPENSSL_ADVISORY30.NASL description The version of OpenSSL installed on the remote AIX host is affected by a side channel attack information disclosure vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 125708 published 2019-06-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125708 title AIX OpenSSL Advisory : openssl_advisory30.asc NASL family Fedora Local Security Checks NASL id FEDORA_2019-9A0A7C0986.NASL description Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129368 published 2019-09-26 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129368 title Fedora 29 : 1:compat-openssl10 (2019-9a0a7c0986) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1637.NASL description This update for compat-openssl098 fixes the following issues : - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed last seen 2020-06-01 modified 2020-06-02 plugin id 126327 published 2019-06-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126327 title openSUSE Security Update : compat-openssl098 (openSUSE-2019-1637) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1188.NASL description A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.(CVE-2018-5407) If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-06-01 modified 2020-06-02 plugin id 124124 published 2019-04-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124124 title Amazon Linux 2 : openssl (ALAS-2019-1188) NASL family Fedora Local Security Checks NASL id FEDORA_2019-DB06EFDEA1.NASL description Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129653 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129653 title Fedora 31 : 1:compat-openssl10 (2019-db06efdea1) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2019-2471.NASL description An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128111 published 2019-08-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128111 title Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2019-2471) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2471.NASL description An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127918 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127918 title CentOS 6 : openssl (CESA-2019:2471) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2439.NASL description An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance (4.3). (BZ#1669364, BZ#1684987, BZ#1697231, BZ#1720255) Security Fix(es) : * rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881) * openssl: 0-byte record padding oracle (CVE-2019-1559) * undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127830 published 2019-08-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127830 title RHEL 7 : Virtualization Manager (RHSA-2019:2439) NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_JUL_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Connector Framework (Apache CXF)), which could allow an unauthenticated, remote attacker to compromise Enterprise Manager Base Platform. (CVE-2018-8039) - An unspecified vulnerability in the Oracle Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Valid Session (Apache ActiveMQ)), which could allow an unauthenticated, remote attacker to compromise Oracle Enterprise Manager Base Platform. (CVE-2019-0222) - An unspecified vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: Discovery Framework (OpenSSL)), which could allow and unauthenticated, remote attacker to compromise Enterprise Manager Base Platform. (CVE-2019-1559) last seen 2020-06-01 modified 2020-06-02 plugin id 126775 published 2019-07-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126775 title Oracle Enterprise Manager Cloud Control (Jul 2019 CPU) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2304.NASL description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127710 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127710 title RHEL 7 : openssl (RHSA-2019:2304) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0019_OPENSSL.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-03-08 plugin id 134318 published 2020-03-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134318 title NewStart CGSL MAIN 4.05 : openssl Vulnerability (NS-SA-2020-0019) NASL family Scientific Linux Local Security Checks NASL id SL_20190813_OPENSSL_ON_SL6_X.NASL description Security Fix(es) : - openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-08-14 plugin id 127881 published 2019-08-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127881 title Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20190813) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1105.NASL description This update for openssl-1_0_0 fixes the following issues : Security issues fixed : - The 9 Lives of Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 123652 published 2019-04-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123652 title openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-1105) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1076.NASL description This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).	 This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123495 published 2019-03-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123495 title openSUSE Security Update : nodejs4 (openSUSE-2019-1076) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1173.NASL description This update for nodejs6 to version 6.17.0 fixes the following issues : Security issues fixed : - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Release Notes: https://nodejs.org/en/blog/release/v6.17.0/ This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123919 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123919 title openSUSE Security Update : nodejs6 (openSUSE-2019-1173) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10949.NASL description The version of Junos OS installed on the remote host is prior to 12.3X48-D80, 14.1X53-D51, 15.1F6-S13, 15.1X49-D171, 15.1X53-D238, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.3R3-S4, 17.4R1-S7, 18.1R2-S4, 18.2R1-S5, 18.2X75-D50, 18.3R1-S3, 18.4R1-S2, or 19.1R1-S1. It is, therefore, affected by a vulnerability as referenced in the JSA10949 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 130516 published 2019-11-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130516 title Juniper JSA10949 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1145.NASL description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.(CVE-2018-5407) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-05-06 modified 2019-04-02 plugin id 123619 published 2019-04-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123619 title EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1145) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1701.NASL description Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-06-01 modified 2020-06-02 plugin id 122549 published 2019-03-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122549 title Debian DLA-1701-1 : openssl security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1548.NASL description According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.(CVE-2015-1791) - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789) - The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.(CVE-2009-0590) - An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution.(CVE-2014-8176) - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.(CVE-2011-4108) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.(CVE-2007-5135) - A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.(CVE-2014-3571) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.(CVE-2012-2110) - It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703) - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.(CVE-2009-1386) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.(CVE-2009-4355) - A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.(CVE-2014-3507) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of last seen 2020-06-01 modified 2020-06-02 plugin id 125001 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125001 title EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548) NASL family Misc. NASL id NESSUS_TNS_2019_02.NASL description According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.3.0. It is, therefore, affected by: - An information disclosure vulnerability exists in OpenSSL. A remote attacker may be able to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. (CVE-2019-1559) - A denial of service (DoS) vulnerability exists in the moment module before 2.19.3 for Node.js. An unauthenticated, remote attacker can exploit this issue, via regular expression of crafted date string different than CVE-2016-4055 to cause the CPU consumption. (CVE-2017-18214) - A denial of service (DoS) vulnerability exists in the duration function in the moment package before 2.11.2 for Node.js. An unauthenticated, remote attackers can exploit this issue, via date string ReDoS which will cause CPU consumption. (CVE-2016-4055) last seen 2020-06-01 modified 2020-06-02 plugin id 123462 published 2019-03-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123462 title Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02) NASL family Databases NASL id MYSQL_5_6_44.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.44. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the April 2019 Critical Patch Update advisory: - An unspecified vulnerability in the last seen 2020-04-18 modified 2019-04-18 plugin id 124158 published 2019-04-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124158 title MySQL 5.6.x < 5.6.44 Multiple Vulnerabilities (Apr 2019 CPU) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3899-1.NASL description Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122500 published 2019-02-28 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122500 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerability (USN-3899-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1188.NASL description A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-06-01 modified 2020-06-02 plugin id 123957 published 2019-04-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123957 title Amazon Linux AMI : openssl (ALAS-2019-1188) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1175.NASL description This update for openssl fixes the following issues : Security issues fixed : - The 9 Lives of Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 123920 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123920 title openSUSE Security Update : openssl (openSUSE-2019-1175) NASL family Misc. NASL id ORACLE_MYSQL_CONNECTORS_CPU_APR_2019.NASL description The version of Oracle MySQL Connectors installed on the remote host is 8.0.x prior to 8.0.16 or 5.3.x prior to 5.3.13. It is, therefore, affected by multiple vulnerabilities as noted in the April 2019 Critical Patch Update advisory: - An unspecified vulnerability in Connector/J subcomponent. An authenticated attacker can exploit this issue, to take a full control over the target system. (CVE-2019-2692) - A padding oracle vulnerability exists in Connector/ODBC (OpenSSL) subcomponent. If the application is configured to use last seen 2020-04-18 modified 2019-05-22 plugin id 125340 published 2019-05-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125340 title Oracle MySQL Connectors Multiple Vulnerabilities (Apr 2019 CPU) NASL family Misc. NASL id ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2019_CPU.NASL description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in Networking (cURL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-3822) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-1559) - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow a low privileged attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-2728) last seen 2020-06-01 modified 2020-06-02 plugin id 126777 published 2019-07-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126777 title Oracle Enterprise Manager Ops Center (Jul 2019 CPU) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1608-1.NASL description This update for compat-openssl098 fixes the following issues : CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) Reject invalid EC point coordinates (bsc#1131291) Fixed last seen 2020-06-01 modified 2020-06-02 plugin id 126162 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126162 title SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2019:1608-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2304.NASL description An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128388 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128388 title CentOS 7 : openssl (CESA-2019:2304) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2019-0040.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Oracle bug 28730228: backport (CVE-2018-0732) - Oracle bug 28758493: backport (CVE-2018-0737) - Merge upstream patch to fix (CVE-2018-0739) - Avoid out-of-bounds read. Fixes CVE-2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 - fix CVE-2019-1559 - 0-byte record padding oracle last seen 2020-06-01 modified 2020-06-02 plugin id 127975 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127975 title OracleVM 3.4 : openssl (OVMSA-2019-0040) NASL family Databases NASL id MYSQL_5_7_27.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.26. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the April 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the last seen 2020-04-18 modified 2019-04-18 plugin id 124159 published 2019-04-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124159 title MySQL 5.7.x < 5.7.26 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1258.NASL description According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-03-19 modified 2019-04-04 plugin id 123726 published 2019-04-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123726 title EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1258) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1325.NASL description According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-05-06 modified 2019-05-06 plugin id 124611 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124611 title EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-1325) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0803-1.NASL description This update for openssl fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 123547 published 2019-04-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123547 title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2019:0803-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3929.NASL description Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es) : * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * openssl: 0-byte record padding oracle (CVE-2019-1559) * tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072) * tomcat: XSS in SSI printenv (CVE-2019-0221) * tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-11-22 plugin id 131214 published 2019-11-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131214 title RHEL 6 / 7 / 8 : JBoss Web Server (RHSA-2019:3929) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-057-01.NASL description New openssl packages are available for Slackware 14.2 to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 122469 published 2019-02-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122469 title Slackware 14.2 : openssl (slackware 14.2) (SSA:2019-057-01) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4400.NASL description Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. last seen 2020-06-01 modified 2020-06-02 plugin id 122519 published 2019-03-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122519 title Debian DSA-4400-1 : openssl1.0 - security update NASL family Scientific Linux Local Security Checks NASL id SL_20190806_OPENSSL_ON_SL7_X.NASL description Security Fix(es) : - openssl: 0-byte record padding oracle (CVE-2019-1559) - openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) last seen 2020-03-18 modified 2019-08-27 plugin id 128247 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128247 title Scientific Linux Security Update : openssl on SL7.x x86_64 (20190806) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0176_OPENSSL.NASL description The remote NewStart CGSL host, running version MAIN 4.06, has openssl packages installed that are affected by a vulnerability: - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 128687 published 2019-09-11 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128687 title NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176) NASL family Databases NASL id MYSQL_8_0_16.NASL description The version of MySQL running on the remote host is 8.0.x prior to 8.0.16. It is, therefore, affected by multiple vulnerabilities, including four of the top vulnerabilities below, as noted in the April 2019 and July 2019 Critical Patch Update advisories: - An unspecified vulnerability in the last seen 2020-04-18 modified 2019-04-18 plugin id 124160 published 2019-04-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124160 title MySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1553-1.NASL description This update for openssl fixes the following issues : CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158) CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652) CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039) CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes last seen 2020-06-01 modified 2020-06-02 plugin id 126046 published 2019-06-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126046 title SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0600-1.NASL description This update for openssl-1_0_0 fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 122810 published 2019-03-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122810 title SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2019:0600-1) NASL family Misc. NASL id ORACLE_BI_PUBLISHER_OCT_2019_CPU.NASL description The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.191015 or 12.2.1.3.x prior to 12.2.1.3.191015 or 12.2.1.4.x prior to 12.2.1.4.191015. It is, therefore, affected by multiple vulnerabilities as noted in the October 2019 Critical Patch Update advisory: - An unspecified vulnerability in the Installation component of Oracle BI Publisher that allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2905) - An unspecified vulnerability in the MobileService component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise BI Publisher. A successful attack requires human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. (CVE-2019-2906) - An unspecified vulnerability in the BI PublisherSecurity component of Oracle BI Publisher could allow a low privileged attacker with networkaccess via HTTP to compromise Oracle BI Publisher. A successful attack of this vulnerability canresult in unauthorized read access to a subset of BIPublisher accessible data (CVE-2019-2898) - An unspecified vulnerability in the Analytics Actions component of Oracle BI Publisher could allow a low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2019-2897) - An unspecified vulnerability in the Secure Store (OpenSSL) component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTPS to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher data. (CVE-2019-1559) - An unspecified vulnerability in the BI Platform Security (JQuery) component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. (CVE-2016-7103) - An unspecified vulnerability in the Analytics Actions component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2019-2900) - An unspecified vulnerability in the BI Platform Security component of Oracle BI Publisher could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2019-3012) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-05-31 modified 2019-11-06 plugin id 130589 published 2019-11-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130589 title Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2019 CPU) NASL family Misc. NASL id TENABLE_NESSUS_AGENT_TNS_2019_03.NASL description The version of Nessus Agent installed on the remote Windows host is prior to 7.4.0. It is, therefore, affected by one of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. last seen 2020-06-01 modified 2020-06-02 plugin id 125882 published 2019-06-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125882 title Tenable Nessus Agent < 7.4.0 Third Party Vulnerability (OpenSSL) (TNS-2019-03) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0818-1.NASL description This update for nodejs6 to version 6.17.0 fixes the following issues : Security issues fixed : CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Release Notes: https://nodejs.org/en/blog/release/v6.17.0/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123551 published 2019-04-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123551 title SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0818-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2437.NASL description An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-01 modified 2020-06-02 plugin id 127986 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127986 title RHEL 7 : Virtualization Manager (RHSA-2019:2437) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1362.NASL description If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-06-01 modified 2020-06-02 plugin id 131030 published 2019-11-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131030 title Amazon Linux 2 : openssl (ALAS-2019-1362) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-2471.NASL description From Red Hat Security Advisory 2019:2471 : An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127981 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127981 title Oracle Linux 6 : openssl (ELSA-2019-2471) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201903-10.NASL description The remote host is affected by the vulnerability described in GLSA-201903-10 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. A local attacker could run a malicious process next to legitimate processes using the architecture’s parallel thread running capabilities to leak encrypted data from the CPU’s internal processes. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 122832 published 2019-03-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122832 title GLSA-201903-10 : OpenSSL: Multiple vulnerabilities NASL family Web Servers NASL id OPENSSL_1_0_2R.NASL description According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2r. It is, therefore, affected by an information disclosure vulnerability due to the decipherable way a application responds to a 0 byte record. An unauthenticated, remote attacker could exploit this vulnerability, via a padding oracle attack, to potentially disclose sensitive information. Note: Only last seen 2020-06-01 modified 2020-06-02 plugin id 122504 published 2019-03-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122504 title OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1400.NASL description According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-06-01 modified 2020-06-02 plugin id 124903 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124903 title EulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7700061F34F711E9B95CB499BAEBFEAF.NASL description The OpenSSL project reports : 0-byte record padding oracle (CVE-2019-1559) (Moderate) If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. last seen 2020-06-01 modified 2020-06-02 plugin id 122359 published 2019-02-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122359 title FreeBSD : OpenSSL -- Padding oracle vulnerability (7700061f-34f7-11e9-b95c-b499baebfeaf) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0206_OPENSSL.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 129941 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129941 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0254_OPENSSL.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). (CVE-2018-0735) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132467 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132467 title NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1326.NASL description According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-05-06 modified 2019-05-06 plugin id 124612 published 2019-05-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124612 title EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-1326) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1362-1.NASL description This update for openssl fixes the following issues : Security issue fixed : CVE-2019-1559: Fixed a 0-byte record padding oracle via SSL_shutdown (bsc#1127080). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125535 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125535 title SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1362-1) NASL family Misc. NASL id ORACLE_BI_PUBLISHER_JAN_2020_CPU.NASL description The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.9.x prior to 11.1.1.9.200114 or 12.2.1.3.x prior to 12.2.1.3.200114 or 12.2.1.4.x prior to 12.2.1.4.200114. It is, therefore, affected by multiple vulnerabilities as noted in the January 2020 Critical Patch Update advisory: - An unspecified vulnerability in the Analytics Server and Analytics Web General (OpenSSL)) component of Oracle BI Publisher. The vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Oracle BI Publisher. A successful attack could result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. (CVE-2019-1559) - An unspecified vulnerability in the BI Platform Security) component of Oracle BI Publisher. The vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Oracle BI Publisher. A successful attack would require human interaction from a person other than the attacker resulting in unauthorized read access to a subset of Oracle BI Publisher accessible data. (CVE-2020-2531) - An unspecified vulnerability in the Analytics Server) component of Oracle BI Publisher. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. A successful attack would require human interaction from a person other than the attacker resulting in unauthorized read access to a subset of Oracle BI Publisher accessible data.(CVE-2020-2535) - An unspecified vulnerability in the Analytics Actions) component of Oracle BI Publisher. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. A successful attack would require human interaction from a person other than the attacker resulting in unauthorized read access to a subset of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. (CVE-2020-2537) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-05-23 modified 2020-01-16 plugin id 132991 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132991 title Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jan 2020 CPU) NASL family Fedora Local Security Checks NASL id FEDORA_2019-00C25B9379.NASL description Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129319 published 2019-09-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129319 title Fedora 30 : 1:compat-openssl10 (2019-00c25b9379) NASL family Palo Alto Local Security Checks NASL id PALO_ALTO_PAN-SA-2019-0039.NASL description If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable last seen 2020-03-18 modified 2020-03-06 plugin id 134305 published 2020-03-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134305 title Palo Alto Networks PAN-OS 7.1 < 7.1.25 / 8.0 < 8.0.20 / 8.1 < 8.1.8 / 9.0 < 9.0.2 OpenSSL Vulnerability NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1432.NASL description This update for openssl-1_0_0 fixes the following issues : Security issues fixed : - The 9 Lives of Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 125331 published 2019-05-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125331 title openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-1432) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0572-1.NASL description This update for openssl-1_0_0 fixes the following issues : Security issues fixed : The 9 Lives of Bleichenbacher last seen 2020-06-01 modified 2020-06-02 plugin id 122747 published 2019-03-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122747 title SUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2019:0572-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://www.openssl.org/news/secadv/20190226.txt
- https://usn.ubuntu.com/3899-1/
- http://www.securityfocus.com/bid/107174
- https://www.debian.org/security/2019/dsa-4400
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://access.redhat.com/errata/RHSA-2019:3929
- https://access.redhat.com/errata/RHSA-2019:3931
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://usn.ubuntu.com/4376-2/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://access.redhat.com/errata/RHSA-2019:2471
- https://access.redhat.com/errata/RHSA-2019:2439
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHSA-2019:2304
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10282
- https://www.tenable.com/security/tns-2019-03
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://security.netapp.com/advisory/ntap-20190423-0002/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
- https://www.tenable.com/security/tns-2019-02
- https://support.f5.com/csp/article/K18549143
- https://security.gentoo.org/glsa/201903-10
- https://security.netapp.com/advisory/ntap-20190301-0001/
- https://security.netapp.com/advisory/ntap-20190301-0002/
- https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
- https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS