ID CVE-2013-6329
Summary IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.
References
Vulnerable Configurations
  • IBM Content Manager OnDemand for Multiplatforms 8.5
    cpe:2.3:a:ibm:content_manager_ondemand_for_multiplatforms:8.5
  • IBM Content Manager OnDemand for Multiplatforms 9.0
    cpe:2.3:a:ibm:content_manager_ondemand_for_multiplatforms:9.0
  • IBM Global Security Kit
    cpe:2.3:a:ibm:global_security_kit
  • IBM Security Access Manager for Web 6.0
    cpe:2.3:a:ibm:security_access_manager_for_web:6.0
  • IBM Security Access Manager for Web 6.1
    cpe:2.3:a:ibm:security_access_manager_for_web:6.1
  • IBM Security Access Manager for Web 6.1.1
    cpe:2.3:a:ibm:security_access_manager_for_web:6.1.1
  • IBM Security Access Manager for Web 7.0
    cpe:2.3:a:ibm:security_access_manager_for_web:7.0
CVSS
Base: 7.8 (as of 13-08-2015 - 10:00)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
  • NASL family Misc.
    NASL id IBM_INFORMIX_SERVER_SWG21660436.NASL
    description The remote Informix server ships with a version of IBM's Global Security kit (GSKit) library that is affected by a denial of service vulnerability in the SSL/TLS handshake processing code. Note that this plugin only checks the version of IBM Informix Server and GSKit. It does not check for the presence of any workaround.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72118
    published 2014-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72118
    title Informix Server GSKit < 7.0.4.47 / 8.0.50.13 SSL/TLS DoS
  • NASL family Misc.
    NASL id TIVOLI_ACCESS_MANAGER_EBIZ_6_1_1_8.NASL
    description According to its self-reported version, the install of the IBM Tivoli Access Manager for e-Business is affected by a denial of service vulnerability due to an issue when processing SSL/TLS handshakes when SSLv2 is used with session resumption. An attacker can exploit this vulnerability by sending a specially crafted SSL request to cause an application crash or hang.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 80480
    published 2015-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80480
    title IBM Tivoli Access Manager for e-Business < 6.0.0.31 / 6.1.0.12 / 6.1.1.8 or GSKit < 7.0.4.47 SSL/TLS Handshake Processing DoS
  • NASL family Web Servers
    NASL id WEBSPHERE_8_0_0_9.NASL
    description IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities:
      - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880)
      - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309)
      - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345)
      - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661)
      - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443)
      - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162)
      - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700)
      - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028)
      - An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding. This may allow a remote attacker to gain timing information intended to be protected by encryption. (CVE-2014-0453)
      - A flaw exists with 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks. (CVE-2014-0460)
      - A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324)
      - An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808)
      - A denial of service flaw exists in a web server plugin on servers configured to retry failed POST requests. This could allow a remote attacker to crash the application. (CVE-2014-0859, PI08892)
      - An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786)
      - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025)
      - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434)
      - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 76995
    published 2014-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76995
    title IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities
  • NASL family General
    NASL id IBM_GSKIT_CVE-2013-6329.NASL
    description The remote host has a version of IBM Global Security Kit prior to 7.0.4.47 / 8.0.50.13. It is, therefore, affected by a denial of service vulnerability. An attacker can exploit this vulnerability by sending a specially crafted SSL request to cause an application crash or hang.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72283
    published 2014-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72283
    title IBM Global Security Kit 7 < 7.0.4.47 / 8 < 8.0.50.13 DoS
  • NASL family Web Servers
    NASL id WEBSPHERE_8_5_5_2.NASL
    description IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities:
      - Numerous errors exist related to the included IBM SDK for Java (based on the Oracle JDK) that could allow denial of service attacks and information disclosure. (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803)
      - User input validation errors exist related to the Administrative console and the OAuth component that could allow cross-site scripting attacks. (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777, CVE-2013-6738 / PI05661)
      - An error exists due to a failure to properly handle by web services endpoint requests that could allow denial of service attacks. (CVE-2013-6325 / PM99450, PI08267)
      - An error exists in the included IBM Global Security Kit related to SSL handling that could allow denial of service attacks. (CVE-2013-6329 / PI05309)
      - A flaw exists with the 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. A remote attacker with a specially crafted DAV WRITE request can cause the service to stop responding. (CVE-2013-6438 / PI09345)
      - An error exists in the included IBM Global Security Kit related to malformed X.509 certificate chain handling that could allow denial of service attacks. (CVE-2013-6747 / PI09443)
      - An error exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests such as file uploads that could allow denial of service attacks. (CVE-2014-0050 / PI12648, PI12926)
      - An unspecified error exists that could allow file disclosures to remote unauthenticated attackers. (CVE-2014-0823 / PI05324)
      - An unspecified error exists related to the Administrative console that could allow a security bypass. (CVE-2014-0857 / PI07808)
      - An error exists related to a web server plugin and retrying failed POST requests that could allow denial of service attacks. (CVE-2014-0859 / PI08892)
      - An error exists related to the Proxy and ODR components that could allow information disclosure. (CVE-2014-0891 / PI09786)
      - An unspecified error exists related to the 'Liberty Profile' that could allow information disclosure. (CVE-2014-0896 / PI10134)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 74235
    published 2014-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74235
    title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id WEBSPHERE_7_0_0_33.NASL
    description IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities:
      - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880)
      - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309)
      - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345)
      - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661)
      - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443)
      - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162)
      - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028)
      - A remote code execution flaw exists with Apache Struts. The failure to restrict setting of Class loader attributes could allow a remote attacker to execute arbitrary script code. (CVE-2014-0114, PI17190)
      - An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding. This may allow a remote attacker to gain timing information intended to be protected by encryption. (CVE-2014-0453)
      - A flaw exists within 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks. (CVE-2014-0460)
      - A denial of service flaw exists in a web server plugin on servers configured to retry failed POST requests. This could allow a remote attacker to crash the application. (CVE-2014-0859, PI08892)
      - A flaw exists with the 'IBMJCE' and 'IBMSecureRandom' cryptographic providers by generating numbers in a predictable manner. This could allow a remote attacker to easily guess the output of the random number generator. (CVE-2014-0878)
      - An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786)
      - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025)
      - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434)
      - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 76967
    published 2014-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76967
    title IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
refmap via4
confirm
secunia 56058
xf ibm-gskit-cve20136329-dos(88939)
Last major update 13-08-2015 - 13:44
Published 17-12-2013 - 10:21
Last modified 28-08-2017 - 21:33