ID CVE-2014-3566
Summary The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Desktop Supplementary 5.0
    cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0
  • Red Hat Enterprise Linux Desktop Supplementary 6.0 (v. 6)
    cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0
  • cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:76.0
    cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:76.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Supplementary 5.0
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0
  • Red Hat Enterprise Linux Server Supplementary 6.0 (v. 6)
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0
  • cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Red Hat Enterprise Linux Workstation Supplementary 6.0 (v. 6)
    cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0
  • cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0
  • IBM AIX 5.3
    cpe:2.3:o:ibm:aix:5.3
  • IBM AIX 6.1
    cpe:2.3:o:ibm:aix:6.1
  • IBM AIX 7.1
    cpe:2.3:o:ibm:aix:7.1
  • Apple Mac OS X 10.10.1
    cpe:2.3:o:apple:mac_os_x:10.10.1
  • cpe:2.3:o:mageia:mageia:3.0
    cpe:2.3:o:mageia:mageia:3.0
  • cpe:2.3:o:mageia:mageia:4.0
    cpe:2.3:o:mageia:mageia:4.0
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0
  • Novell SUSE Linux Enterprise Desktop 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  • Novell openSUSE 12.3
    cpe:2.3:o:novell:opensuse:12.3
  • Novell openSUSE 13.1
    cpe:2.3:o:novell:opensuse:13.1
  • Novell SUSE Linux Enterprise Server 11.0 Service Pack 3
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:-:-:-:vmware
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:-:-:-:vmware
  • Novell SUSE Linux Enterprise Server 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
  • Fedora 19
    cpe:2.3:o:fedoraproject:fedora:19
  • Fedora 20
    cpe:2.3:o:fedoraproject:fedora:20
  • Fedora 21
    cpe:2.3:o:fedoraproject:fedora:21
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • OpenSSL Project OpenSSL 0.9.8l
    cpe:2.3:a:openssl:openssl:0.9.8l
  • OpenSSL Project OpenSSL 0.9.8m
    cpe:2.3:a:openssl:openssl:0.9.8m
  • OpenSSL Project OpenSSL 0.9.8m Beta1
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1
  • OpenSSL Project OpenSSL 0.9.8n
    cpe:2.3:a:openssl:openssl:0.9.8n
  • OpenSSL Project OpenSSL 0.9.8o
    cpe:2.3:a:openssl:openssl:0.9.8o
  • OpenSSL Project OpenSSL 0.9.8p
    cpe:2.3:a:openssl:openssl:0.9.8p
  • OpenSSL Project OpenSSL 0.9.8q
    cpe:2.3:a:openssl:openssl:0.9.8q
  • OpenSSL Project OpenSSL 0.9.8r
    cpe:2.3:a:openssl:openssl:0.9.8r
  • OpenSSL Project OpenSSL 0.9.8s
    cpe:2.3:a:openssl:openssl:0.9.8s
  • OpenSSL Project OpenSSL 0.9.8t
    cpe:2.3:a:openssl:openssl:0.9.8t
  • OpenSSL Project OpenSSL 0.9.8u
    cpe:2.3:a:openssl:openssl:0.9.8u
  • OpenSSL Project OpenSSL 0.9.8v
    cpe:2.3:a:openssl:openssl:0.9.8v
  • OpenSSL Project OpenSSL 0.9.8w
    cpe:2.3:a:openssl:openssl:0.9.8w
  • OpenSSL Project OpenSSL 0.9.8x
    cpe:2.3:a:openssl:openssl:0.9.8x
  • OpenSSL Project OpenSSL 0.9.8y
    cpe:2.3:a:openssl:openssl:0.9.8y
  • OpenSSL Project OpenSSL 0.9.8z
    cpe:2.3:a:openssl:openssl:0.9.8z
  • OpenSSL Project OpenSSL 0.9.8za
    cpe:2.3:a:openssl:openssl:0.9.8za
  • OpenSSL Project OpenSSL 0.9.8zb
    cpe:2.3:a:openssl:openssl:0.9.8zb
  • OpenSSL Project OpenSSL 1.0.0
    cpe:2.3:a:openssl:openssl:1.0.0
  • OpenSSL Project OpenSSL 1.0.0 Beta1
    cpe:2.3:a:openssl:openssl:1.0.0:beta1
  • OpenSSL Project OpenSSL 1.0.0 Beta2
    cpe:2.3:a:openssl:openssl:1.0.0:beta2
  • OpenSSL Project OpenSSL 1.0.0 Beta3
    cpe:2.3:a:openssl:openssl:1.0.0:beta3
  • OpenSSL Project OpenSSL 1.0.0 Beta4
    cpe:2.3:a:openssl:openssl:1.0.0:beta4
  • OpenSSL Project OpenSSL 1.0.0 Beta5
    cpe:2.3:a:openssl:openssl:1.0.0:beta5
  • OpenSSL Project OpenSSL 1.0.0a
    cpe:2.3:a:openssl:openssl:1.0.0a
  • OpenSSL Project OpenSSL 1.0.0b
    cpe:2.3:a:openssl:openssl:1.0.0b
  • OpenSSL Project OpenSSL 1.0.0c
    cpe:2.3:a:openssl:openssl:1.0.0c
  • OpenSSL Project OpenSSL 1.0.0d
    cpe:2.3:a:openssl:openssl:1.0.0d
  • OpenSSL Project OpenSSL 1.0.0e
    cpe:2.3:a:openssl:openssl:1.0.0e
  • OpenSSL Project OpenSSL 1.0.0f
    cpe:2.3:a:openssl:openssl:1.0.0f
  • OpenSSL Project OpenSSL 1.0.0g
    cpe:2.3:a:openssl:openssl:1.0.0g
  • OpenSSL Project OpenSSL 1.0.0h
    cpe:2.3:a:openssl:openssl:1.0.0h
  • OpenSSL Project OpenSSL 1.0.0i
    cpe:2.3:a:openssl:openssl:1.0.0i
  • OpenSSL Project OpenSSL 1.0.0j
    cpe:2.3:a:openssl:openssl:1.0.0j
  • OpenSSL Project OpenSSL 1.0.0k
    cpe:2.3:a:openssl:openssl:1.0.0k
  • OpenSSL Project OpenSSL 1.0.0l
    cpe:2.3:a:openssl:openssl:1.0.0l
  • OpenSSL Project OpenSSL 1.0.0m
    cpe:2.3:a:openssl:openssl:1.0.0m
  • OpenSSL Project OpenSSL 1.0.0n
    cpe:2.3:a:openssl:openssl:1.0.0n
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.1h
    cpe:2.3:a:openssl:openssl:1.0.1h
  • OpenSSL Project OpenSSL 1.0.1i
    cpe:2.3:a:openssl:openssl:1.0.1i
  • IBM VIOS 2.2.0.10
    cpe:2.3:o:ibm:vios:2.2.0.10
  • IBM VIOS 2.2.0.11
    cpe:2.3:o:ibm:vios:2.2.0.11
  • IBM VIOS 2.2.0.12
    cpe:2.3:o:ibm:vios:2.2.0.12
  • IBM VIOS 2.2.0.13
    cpe:2.3:o:ibm:vios:2.2.0.13
  • IBM VIOS 2.2.1.0
    cpe:2.3:o:ibm:vios:2.2.1.0
  • IBM VIOS 2.2.1.1
    cpe:2.3:o:ibm:vios:2.2.1.1
  • IBM VIOS 2.2.1.3
    cpe:2.3:o:ibm:vios:2.2.1.3
  • IBM VIOS 2.2.1.4
    cpe:2.3:o:ibm:vios:2.2.1.4
  • IBM Virtual I/O Server (VIOS) 2.2.1.5
    cpe:2.3:o:ibm:vios:2.2.1.5
  • IBM Virtual I/O Server (VIOS) 2.2.1.6
    cpe:2.3:o:ibm:vios:2.2.1.6
  • IBM Virtual I/O Server (VIOS) 2.2.1.7
    cpe:2.3:o:ibm:vios:2.2.1.7
  • IBM VIOS 2.2.1.8
    cpe:2.3:o:ibm:vios:2.2.1.8
  • IBM VIOS 2.2.1.9
    cpe:2.3:o:ibm:vios:2.2.1.9
  • IBM VIOS 2.2.2.0
    cpe:2.3:o:ibm:vios:2.2.2.0
  • IBM Virtual I/O Server (VIOS) 2.2.2.1
    cpe:2.3:o:ibm:vios:2.2.2.1
  • IBM Virtual I/O Server (VIOS) 2.2.2.2
    cpe:2.3:o:ibm:vios:2.2.2.2
  • IBM Virtual I/O Server (VIOS) 2.2.2.3
    cpe:2.3:o:ibm:vios:2.2.2.3
  • IBM VIOS 2.2.2.4
    cpe:2.3:o:ibm:vios:2.2.2.4
  • IBM VIOS 2.2.2.5
    cpe:2.3:o:ibm:vios:2.2.2.5
  • IBM VIOS 2.2.3.0
    cpe:2.3:o:ibm:vios:2.2.3.0
  • IBM Virtual I/O Server (VIOS) 2.2.3.1
    cpe:2.3:o:ibm:vios:2.2.3.1
  • IBM VIOS 2.2.3.2
    cpe:2.3:o:ibm:vios:2.2.3.2
  • IBM VIOS 2.2.3.3
    cpe:2.3:o:ibm:vios:2.2.3.3
  • IBM Virtual I/O Server (VIOS) 2.2.3.4
    cpe:2.3:o:ibm:vios:2.2.3.4
  • NetBSD 5.1
    cpe:2.3:o:netbsd:netbsd:5.1
  • NetBSD 5.1.1
    cpe:2.3:o:netbsd:netbsd:5.1.1
  • NetBSD 5.1.2
    cpe:2.3:o:netbsd:netbsd:5.1.2
  • NetBSD 5.1.3
    cpe:2.3:o:netbsd:netbsd:5.1.3
  • NetBSD 5.1.4
    cpe:2.3:o:netbsd:netbsd:5.1.4
  • NetBSD 5.2
    cpe:2.3:o:netbsd:netbsd:5.2
  • NetBSD 5.2.1
    cpe:2.3:o:netbsd:netbsd:5.2.1
  • NetBSD 5.2.2
    cpe:2.3:o:netbsd:netbsd:5.2.2
  • NetBSD 6.0
    cpe:2.3:o:netbsd:netbsd:6.0
  • NetBSD 6.0 Beta
    cpe:2.3:o:netbsd:netbsd:6.0:beta
  • NetBSD 6.0.1
    cpe:2.3:o:netbsd:netbsd:6.0.1
  • NetBSD 6.0.2
    cpe:2.3:o:netbsd:netbsd:6.0.2
  • NetBSD 6.0.3
    cpe:2.3:o:netbsd:netbsd:6.0.3
  • NetBSD 6.0.4
    cpe:2.3:o:netbsd:netbsd:6.0.4
  • NetBSD 6.0.5
    cpe:2.3:o:netbsd:netbsd:6.0.5
  • NetBSD 6.0.6
    cpe:2.3:o:netbsd:netbsd:6.0.6
  • NetBSD 6.1
    cpe:2.3:o:netbsd:netbsd:6.1
  • NetBSD 6.1.1
    cpe:2.3:o:netbsd:netbsd:6.1.1
  • NetBSD 6.1.2
    cpe:2.3:o:netbsd:netbsd:6.1.2
  • NetBSD 6.1.3
    cpe:2.3:o:netbsd:netbsd:6.1.3
  • NetBSD 6.1.4
    cpe:2.3:o:netbsd:netbsd:6.1.4
  • NetBSD 6.1.5
    cpe:2.3:o:netbsd:netbsd:6.1.5
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Oracle Database 11.2.0.4
    cpe:2.3:a:oracle:database:11.2.0.4
  • Oracle Database 12.1.0.2
    cpe:2.3:a:oracle:database:12.1.0.2
CVSS
Base: 4.3 (as of 01-11-2016 - 14:44)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
metasploit via4
description Check if an HTTP server supports a given version of SSL/TLS. If a web server can successfully establish an SSLv3 session, it is likely to be vulnerable to the POODLE attack described on October 14, 2014, as a patch against the attack is unlikely.
id MSF:AUXILIARY/SCANNER/HTTP/SSL_VERSION
last seen 2018-06-01
modified 2017-07-24
published 2014-10-17
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/ssl_version.rb
title HTTP SSL/TLS Version Detection (POODLE scanner)
nessus via4
  • NASL family Misc.
    NASL id ASTERISK_AST_2014_011.NASL
    description According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by an error related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2017-10-29
    modified 2016-11-11
    plugin id 78623
    published 2014-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78623
    title Asterisk Information Disclosure (AST-2014-011) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBWSMAN-DEVEL-141021.NASL
    description This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section : ssl_disabled_protocols = SSLv2 SSLv3
    last seen 2017-10-29
    modified 2015-01-13
    plugin id 79332
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79332
    title SuSE 11.3 Security Update : openwsman (SAT Patch Number 9902)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_1J.NASL
    description According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1j. The OpenSSL library is, therefore, affected by the following vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78554
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78554
    title OpenSSL 1.0.1 < 1.0.1j Multiple Vulnerabilities (POODLE)
  • NASL family Misc.
    NASL id VMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL
    description The VMware Workspace Portal (formerly known as VMware Horizon Workspace) installed on the remote host is version 2.x prior to 2.1.1. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 82742
    published 2015-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82742
    title VMware Workspace Portal Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1652.NASL
    description Updated OpenSSL packages that contain a backported patch to mitigate the CVE-2014-3566 issue known as SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE), and fixed two security issues that are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566 and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78516
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78516
    title CentOS 6 / 7 : openssl (CESA-2014:1652)
  • NASL family Windows
    NASL id IBM_GPFS_ISG3T1021546_WINDOWS.NASL
    description A version of IBM General Parallel File System (GPFS) 3.5.x prior to 3.5.0.21 is installed on the remote Windows host. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. Man-in-the-middle attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 80885
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80885
    title IBM General Parallel File System Multiple Vulnerabilities (Windows) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1653.NASL
    description Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 78533
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78533
    title RHEL 5 : openssl (RHSA-2014:1653) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0079.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 80931
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80931
    title RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2015:0079) (POODLE)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3253.NASL
    description Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555 ). TLS compression is disabled (CVE-2012-4929 ), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566 ) entirely via the new 'DisableSSLv3' configuration directive, although it will not disabled by default in this update. Additionally a non-security sensitive issue in redirect encoding is addressed. For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555 ). This update addresses that issue for jessie.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 83306
    published 2015-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83306
    title Debian DSA-3253-1 : pound - security update (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0069.NASL
    description Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601, CVE-2015-0437) Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 80882
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80882
    title RHEL 6 : java-1.8.0-openjdk (RHSA-2015:0069) (POODLE)
  • NASL family Misc.
    NASL id XEROX_XRX15AJ.NASL
    description According to its model number and software version, the remote Xerox WorkCentre 3550 device is affected by multiple OpenSSL vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 87323
    published 2015-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87323
    title Xerox WorkCentre 3550 OpenSSL Multiple Vulnerabilities (XRX15AJ) (FREAK) (POODLE)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-282.NASL
    description This update allows to disable SSLv3 in lighttpd in order to protect against the POODLE attack. SSLv3 is now disabled by default and can be reenabled (if needed) using the ssl.use-sslv3 option. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 84991
    published 2015-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84991
    title Debian DLA-282-1 : lighttpd security update (POODLE)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0068.NASL
    description From Red Hat Security Advisory 2015:0068 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 80900
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80900
    title Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2015-0068) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-640.NASL
    description Claws Mail was updated to version 3.11.0. Changes : + SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability (CVE-2014-3566). + Several PGP/Core plugin improvements : - Indicate when a key has been revoked or has expired when displaying signature status. - When displaying the full information, show the Validity, and the Owner Trust level. Also indicate expired and revoked keys, and revoked UIDs. - The 'Content-Disposition: attachment' flag in PGP/MIME signed messages has been removed. It was confusing for cetain MUAs. + A new version of the RSSyl plugin, completely redesigned and rewritten. + The results of TAB address completion in the Compose window have improved ordering. + Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0. + In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented. + In the Compose window, a mnemonic (s) has been added to the Subject line. + The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed. + When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting. + A new QuickSearch filter has been added that searches a header's content only. + A Reply-To field has been added to the main Template configuration. + The menubar can now be hidden, default hotkey: F12. + Fancy plugin: A user-controlled stylesheet can now be used. + Python plugin: Add flag attributes to MessageInfo object. + Python plugin: Make 'account' property of ComposeWindow read/write. + Libravatar plugin: a network timeout option has been added. + The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion. + Updated translations
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 79106
    published 2014-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79106
    title openSUSE Security Update : claws-mail (openSUSE-SU-2014:1384-1) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-671.NASL
    description openSSL was updated to version 1.0.1j to fix four security issues and various other issues. These security issues were fixed : - Fix SRTP Memory Leak (CVE-2014-3513) - Session Ticket Memory Leak (CVE-2014-3567) - Add SSL 3.0 Fallback protection TLS_FALLBACK_SCSV (CVE-2014-3566) - Build option no-ssl3 is incomplete (CVE-2014-3568)
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 79269
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79269
    title openSUSE Security Update : openssl (openSUSE-SU-2014:1426-1) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_SUSEREGISTER-141121.NASL
    description suseRegister was updated to fix one security issue : - POODLE: Ensure that only TLS is used. (CVE-2014-3566)
    last seen 2017-10-29
    modified 2015-01-13
    plugin id 80390
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80390
    title SuSE 11.3 Security Update : suseRegister (SAT Patch Number 10008)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0038.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - xend: disable sslv3 due to (CVE-2014-3566)
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 79553
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79553
    title OracleVM 3.3 : xen (OVMSA-2014-0038) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_EVOLUTION-DATA-SERVER-141114.NASL
    description evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed : - SSLv3 POODLE attack (CVE-2014-3566)
    last seen 2017-10-29
    modified 2015-01-13
    plugin id 79618
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79618
    title SuSE 11.3 Security Update : evolution-data-server (SAT Patch Number 9969)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0068.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 80869
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80869
    title CentOS 5 : java-1.7.0-openjdk (CESA-2015:0068) (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SERVER_4_1.NASL
    description The remote Mac OS X host has a version of OS X Server installed that is prior 4.1. It is, therefore, affected by vulnerabilities in the following components : - Dovecot - Firewall - Postfix - Wiki Server
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 83088
    published 2015-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83088
    title Mac OS X : OS X Server < 4.1 Multiple Vulnerabilities (POODLE)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141016_OPENSSL_ON_SL5_X.NASL
    description This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see Upstream's Knowledgebase article at https://access.redhat.com/articles/1232123 For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 78536
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78536
    title Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (POODLE)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-426.NASL
    description Bodo Moller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL version 3.0 that would allow an attacker to calculate the plaintext of secure connections, allowing, for example, secure HTTP cookies to be stolen. http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exp loiting-ssl-30.html https://www.openssl.org/~bodo/ssl-poodle.pdf Special notes : We have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI repositories with updated openssl packages that fix CVE-2014-3566 . For 2014.09 Amazon Linux AMIs, 'openssl-1.0.1i-1.79.amzn1' addresses this CVE. Running 'yum clean all' followed by 'yum update openssl' will install the fixed package. For Amazon Linux AMIs 'locked' to the 2014.03 repositories, 'openssl-1.0.1i-1.79.amzn1' also addresses this CVE. Running 'yum clean all' followed by 'yum update openssl' will install the fixed package. For Amazon Linux AMIs 'locked' to the 2013.09 or 2013.03 repositories, 'openssl-1.0.1e-4.60.amzn1' addresses this CVE. Running 'yum clean all' followed by 'yum update openssl' will install the fixed package. If you are using a pre-2013.03 Amazon Linux AMI, we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 78484
    published 2014-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78484
    title Amazon Linux AMI : openssl (ALAS-2014-426) (POODLE)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2487-1.NASL
    description Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593) A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could this exploit to cause a denial of service. (CVE-2015-0410) A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2015-0413). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-01
    plugin id 81045
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81045
    title Ubuntu 14.04 LTS / 14.10 : openjdk-7 vulnerabilities (USN-2487-1) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15379.NASL
    description This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominate uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface area for the behavior change we were introducing. It was also important that we validated that our changes were being applied in the variety of configurations we support in our APIs. With this release, we are confident that the only behavior change is that of the default allowed protocols do not include SSLv2 or SSLv3. Though you are still able to programatically consume those protocols if necessary. Included is the documentation that you can find at https://nodejs.org/api/tls.html#tls_protocol_support that describes how this works going forward for client and server implementations. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 79896
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79896
    title Fedora 20 : libuv-0.10.29-1.fc20 / nodejs-0.10.33-1.fc20 (2014-15379) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-13399.NASL
    description - Mon Oct 20 2014 Jeffrey C. Ollie - 11.13.1-1 The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert2, 11.6-cert7, 1.8.31.1, 11.13.1, 12.6.1, and 13.0.0-beta3. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability : - AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability Asterisk is susceptible to the POODLE vulnerability in two ways: 1) The res_jabber and res_xmpp module both use SSLv3 exclusively for their encrypted connections. 2) The core TLS handling in Asterisk, which is used by the chan_sip channel driver, Asterisk Manager Interface (AMI), and Asterisk HTTP Server, by default allow a TLS connection to fallback to SSLv3. This allows for a MITM to potentially force a connection to fallback to SSLv3, exposing it to the POODLE vulnerability. These issues have been resolved in the versions released in conjunction with this security advisory. For more information about the details of this vulnerability, please read security advisory AST-2014-011, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs : http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.28-cert2 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert7 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.31.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.13.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.6.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-13.0.0-beta3 The security advisory is available at : - http://downloads.asterisk.org/pub/security/AST-2014-011. pdf - Mon Oct 20 2014 Jeffrey C. Ollie - 11.13.0-1 The Asterisk Development Team has announced the release of Asterisk 11.13.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.13.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release : Bugs fixed in this release : Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 78804
    published 2014-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78804
    title Fedora 21 : asterisk-11.13.1-1.fc21 (2014-13399) (POODLE)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0039.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 79554
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79554
    title OracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-198.NASL
    description Multiple vulnerabilities has been discovered and corrected in java-1.8.0-openjdk : Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions (CVE-2014-6601, CVE-2015-0437). Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408). A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions (CVE-2015-0395). A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded (CVE-2015-0410). A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack (CVE-2014-3566). Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled (CVE-2014-6593). An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2015-0407). A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions (CVE-2014-6587). Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory (CVE-2014-6585, CVE-2014-6591). Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack (CVE-2015-0383). The updated packages provides a solution for these security issues.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 82684
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82684
    title Mandriva Linux Security Advisory : java-1.8.0-openjdk (MDVSA-2015:198)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1877.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 79352
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79352
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1877) (POODLE)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    description A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the- middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 81015
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81015
    title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_CISCO_ANYCONNECT_3_1_5187.NASL
    description The remote host has a version of Cisco AnyConnect prior to 3.1(5187). It is, therefore, affected by an information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78677
    published 2014-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78677
    title Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(5187) (POODLE)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL
    description Mickael Guessant reports : DavMail 4.6.0 released Enhancements: Fix potential CVE-2014-3566 vulnerability.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 83794
    published 2015-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83794
    title FreeBSD : davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (384fc0b2-0144-11e5-8fda-002590263bf5) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1652.NASL
    description Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 78532
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78532
    title RHEL 6 / 7 : openssl (RHSA-2014:1652) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14234.NASL
    description - SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB address completion in the Compose window have improved ordering. - Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0. - In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented. - In the Compose window, a mnemonic (s) has been added to the Subject line. - The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed. - When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting. - A new QuickSearch filter has been added that searches a header's content only. H S : messages which contain S in the value of any header. - A Reply-To field has been added to the main Template configuration. - The menubar can now be hidden, default hotkey: F12. - Fancy plugin: A user-controlled stylesheet can now be used. - Python plugin: Add flag attributes to MessageInfo object. - Python plugin: Make 'account' property of ComposeWindow read/write. - Libravatar plugin: a network timeout option has been added. - Use 'gnutls_priority' hidden account preference for POP3 and STARTTLS connections, in addition to SMTP. - RSSyl plugin: Enable use of .netrc to store network credentials. - The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion. - Updated translations - Various Bugfixes New in 3.10.1 : - Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro). - RFE 3196, 'When changing quicksearch Search Type, set focus to search input box' - PGP/Core plugin: Generate 2048 bit RSA keys. - Major code cleanup. - Extended claws-mail.desktop with Compose and Receive actions. - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish, French, German,Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. - Bug fixes New in 3.10.0 : - Complete SSL certificate chains are now saved, and if built with Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made available. Both of these allow correct certificate verification instead of a bogus 'No certificate issuer found' status. - Auto-configuration of account email servers, based on SRV records, is now possible. (GLib >= 2.22 is required.) - Added a preference to avoid automatically drafting emails that are to be sent encrypted, (Configuration/Preferences/Compose/Writing). - Messages saved as Drafts are now saved as New, highlighting the Drafts folder, in order to draw the attention to unfinished mails there. - It is now possible to add a 'Replace signature' button to the Compose window toolbar. - Quotation wrapping and undo/redo in the Compose window has been improved. - 'Reply to all' now excludes your own address. - The 'Generate X-Mailer header' option has been renamed 'Add user agent header' and applies to both X-Mailer and X-Newsreader headers. - Added hidden preferences, 'address_search_wildcard' and 'folder_search_wildcard', to choose between matching from start of the folder name/address or any part of the name. (Activating these options restores the previous behaviour.) - Added hidden preference 'enable_avatars' to control the internal capture/render process, and which allows disabling it by external plugins for example. - 'Check for new folders' now only updates the folder list, not updating the contents of folders. If needed, it can be followed by 'Check for new messages' - When using Redirect, the redirecting account's address is used in the SMTP MAIL FROM instead of the original sender's address. - NEW: Libravatar plugin, which displays avatars from https://www.libravatar.org/ - Added support for an arbitrary number and sources of 'avatars' and images for email senders, and migrated Face and X-Face headers. - Avatars are now included when printing mails. - The GPG keyring can now be used as the source for address auto-completion. - The vCalendar and RSSyl plugins now have an option to disable SSL certificate verification (and check them by default). - The ClamAV plugin now pops up an error message only once instead of repeatedly - Updated the man page and the manual. - Updated Brazilian Portuguese, British English, Czech, Dutch, Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. - Added Esperanto translation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 79097
    published 2014-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79097
    title Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-647.NASL
    description libserf was updated to disable SSLv2 and SSLv3. libserf was updated to version 1.3.8 on openSUSE 13.1 and 13.2. This release also fixes a problem with handling very large gzip-encoded HTTP responses. For openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and SSLv3.
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 79222
    published 2014-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79222
    title openSUSE Security Update : libserf (openSUSE-SU-2014:1395-1) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-9090.NASL
    description Update to latest release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 86409
    published 2015-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86409
    title Fedora 21 : fossil-1.33-1.fc21 (2015-9090) (POODLE)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0067.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 80868
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80868
    title CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2015:0067) (POODLE)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2015-0001.NASL
    description a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System. Mitigation For ESXi to be affected, permissions must have been added to ESXi (or a vCenter Server managing it) for a virtual machine administrator role or greater. VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8370 to this issue. b. VMware Workstation, Player, and Fusion Denial of Service vulnerability VMware Workstation, Player, and Fusion contain an input validation issue in the Host Guest File System (HGFS). This issue may allow for a Denial of Service of the Guest Operating system. VMware would like to thank Peter Kamensky from Digital Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1043 to this issue. c. VMware ESXi, Workstation, and Player Denial of Service vulnerability VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial. VMware would like to thank Dmitry Yudin @ret5et for reporting this issue to us through HP's Zero Day Initiative. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1044 to this issue. d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-3513, CVE-2014-3567, CVE-2014-3566 (ìPOODLEî) and CVE-2014-3568 to these issues. e. Update to ESXi libxml2 package The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3660 to this issue.
    last seen 2017-10-29
    modified 2016-11-30
    plugin id 81079
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81079
    title VMSA-2015-0001 : VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues (POODLE)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0040.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate (CVE-2014-3566) (padding attack on SSL3) - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 79555
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79555
    title OracleVM 2.2 : openssl (OVMSA-2014-0040) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-13012.NASL
    description Update fixing three moderate security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 78581
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78581
    title Fedora 19 : openssl-1.0.1e-40.fc19 (2014-13012) (POODLE)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201411-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201411-10 (Asterisk: Multiple Vulnerabilities) Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit the vulnerabilities to cause a man in the middle attack or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-11-11
    plugin id 79418
    published 2014-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79418
    title GLSA-201411-10 : Asterisk: Multiple Vulnerabilities (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-91.NASL
    description OpenJDK was updated to 2.5.4 - OpenJDK 7u75 to fix security issues and bugs : - Security fixes - S8046656: Update protocol support - S8047125, CVE-2015-0395: (ref) More phantom object references - S8047130: Fewer escapes from escape analysis - S8048035, CVE-2015-0400: Ensure proper proxy protocols - S8049253: Better GC validation - S8050807, CVE-2015-0383: Better performing performance data handling - S8054367, CVE-2015-0412: More references for endpoints - S8055304, CVE-2015-0407: More boxing for DirectoryComboBoxModel - S8055309, CVE-2015-0408: RMI needs better transportation considerations - S8055479: TLAB stability - S8055489, CVE-2014-6585: Better substitution formats - S8056264, CVE-2014-6587: Multicast support improvements - S8056276, CVE-2014-6591: Fontmanager feature improvements - S8057555, CVE-2014-6593: Less cryptic cipher suite management - S8058982, CVE-2014-6601: Better verification of an exceptional invokespecial - S8059485, CVE-2015-0410: Resolve parsing ambiguity - S8061210, CVE-2014-3566: Issues in TLS
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 81141
    published 2015-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81141
    title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2015:0190-1) (POODLE)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1948.NASL
    description Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 The nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2.3, which provides a number of bug fixes and enhancements over the previous version, and adds the support for Mozilla Firefox 31.3. (BZ#1158159, BZ#1165003, BZ#1165525) Users of nss, nss-util, and nss-softokn are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue, fix these bugs, and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 79695
    published 2014-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79695
    title CentOS 5 / 6 / 7 : nss (CESA-2014:1948) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBOPENSSL-DEVEL-141024.NASL
    description This OpenSSL update fixes the following issues : - Session Ticket Memory Leak. (CVE-2014-3567) - Build option no-ssl3 is incomplete. (CVE-2014-3568) - Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE)
    last seen 2017-10-29
    modified 2015-01-28
    plugin id 78886
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78886
    title SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9915)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2486-1.NASL
    description Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593) A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could this exploit to cause a denial of service. (CVE-2015-0410). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-01
    plugin id 81043
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81043
    title Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2486-1) (POODLE)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_0O.NASL
    description According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0o. The OpenSSL library is, therefore, affected by the following vulnerabilities : - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78553
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78553
    title OpenSSL 1.0.0 < 1.0.1o Multiple Vulnerabilities (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_XCODE_7_0.NASL
    description The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.0. It is, therefore, affected by the multiple vulnerabilities : - A memory leak issue exists in file d1_srtp.c related to the DTLS SRTP extension handling and specially crafted handshake messages. An attacker can exploit this to cause denial of service condition. (CVE-2014-3513) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A memory leak issue exists in file t1_lib.c related to session ticket handling. An attacker can exploit this to cause denial of service condition. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) - A directory traversal vulnerability exists in send.js due to improper sanitization of user-supplied input. A remote, unauthenticated attacker can exploit this, via a specially crafted request, to access arbitrary files outside of the restricted path. (CVE-2014-6394) - A denial of service vulnerability exists in the mod_dav_svn and svnserve servers of Apache Subversion. A remote, unauthenticated attacker can exploit this, via a crafted combination of parameters, to cause the current process to abort through a failed assertion. (CVE-2015-0248) - A flaw exists in the mod_dav_svn server of Apache Subversion. A remote, authenticated attacker can exploit this, via a crafted HTTP request sequence, to spoof an 'svn:author' property value. (CVE-2015-0251) - A flaw exists in the Apache HTTP Server due to the ap_some_auth_required() function in file request.c not properly handling Require directive associations. A remote, unauthenticated attacker can exploit this to bypass access restrictions, by leveraging a module that relies on the 2.2 API behavior. (CVE-2015-3185) - A flaw exists in the IDE Xcode server due to improper restriction of access to the repository email lists. A remote, unauthenticated attacker can exploit this to access sensitive build information, by leveraging incorrect notification delivery. (CVE-2015-5909) - A flaw exists in the IDE Xcode server due to the transmission of server information in cleartext. A remote, man-in-the-middle attacker can exploit this to access sensitive information. (CVE-2015-5910)
    last seen 2017-10-29
    modified 2016-07-18
    plugin id 86245
    published 2015-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86245
    title Apple Xcode < 7.0 (Mac OS X) (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_2.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components : - bash - Bluetooth - CFNetwork Cache - CommerceKit Framework - CoreGraphics - CoreSymbolication - CPU Software - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - IOUSBFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Safari - SceneKit - Security - security_taskgate - Spotlight - SpotlightIndex - sysmond - UserAccountUpdater Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-11-02
    modified 2017-11-02
    plugin id 81087
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81087
    title Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)
  • NASL family Windows
    NASL id SOLARWINDS_SRM_PROFILER_6_2_3.NASL
    description The version of SolarWinds Storage Resource Monitor (SRM) Profiler (formerly SolarWinds Storage Manager) running on the remote host is prior to 6.2.3. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000) - Multiple SQL injection vulnerabilities exist due to a failure by various servlets to properly sanitize the user-supplied input to their parameters. An unauthenticated, remote attacker can exploit these vulnerabilities to inject or manipulate SQL queries against the back-end database, resulting in the disclosure or manipulation of arbitrary data (CVE-2016-4350). The following servlets are affected : - BackupAssociationServlet - BackupExceptionsServlet - BexDriveUsageSummaryServlet - DuplicateFilesServlet - FileActionAssignmentServlet - HostStorageServlet - NbuErrorMessageServlet - ProcessesServlet - QuantumMonitorServlet - ScriptServlet - UserDefinedFieldConfigServlet - WindowsEventLogsServlet - XiotechMonitorServlet - A SQL injection (SQLi) vulnerability exists in the RunScript.jsp script due to improper sanitization of user-supplied input before using it in SQL queries. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure and manipulation of arbitrary data. (VulnDB 143497) - A path traversal vulnerability exists due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information. (VulnDB 143498)
    last seen 2017-10-29
    modified 2016-08-30
    plugin id 91123
    published 2016-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91123
    title SolarWinds Storage Resource Monitor Profiler < 6.2.3 Multiple Vulnerabilities (Logjam) (POODLE)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-429.NASL
    description A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 78559
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78559
    title Amazon Linux AMI : nss (ALAS-2014-429) (POODLE)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3144.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 81090
    published 2015-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81090
    title Debian DSA-3144-1 : openjdk-7 - security update (POODLE)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1653.NASL
    description Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 78517
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78517
    title CentOS 5 : openssl (CESA-2014:1653) (POODLE)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1948.NASL
    description From Red Hat Security Advisory 2014:1948 : Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 The nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2.3, which provides a number of bug fixes and enhancements over the previous version, and adds the support for Mozilla Firefox 31.3. (BZ#1158159, BZ#1165003, BZ#1165525) Users of nss, nss-util, and nss-softokn are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue, fix these bugs, and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 79681
    published 2014-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79681
    title Oracle Linux 5 / 6 / 7 : nss / nss-softokn / nss-util (ELSA-2014-1948) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL
    description java-1_7_0-openjdk was updated to fix 19 security issues. Details are available at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.h tml#AppendixJAVA
    last seen 2017-10-29
    modified 2015-04-18
    plugin id 81419
    published 2015-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81419
    title SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 10286)
  • NASL family Misc.
    NASL id VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL
    description The version of VMware vCenter Operations Manager installed on the remote Windows host has a bundled version of the Java JRE prior to version 1.7.0_76-b13 (aka 7.0.760.13). It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407) VMware has released a patch that updates the JRE bundled with the appliance.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 82707
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82707
    title VMware vCenter Operations Management Windows JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)
  • NASL family Misc.
    NASL id VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL
    description The version of VMware vCenter Operations Manager installed on the remote Linux host has a bundled version of the Java JRE prior to version 1.7.0_76-b13 (aka 7.0.760.13). It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407) VMware has released a patch that updates the JRE bundled with the appliance.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 82705
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82705
    title VMware vCenter Operations Management Linux JRE Update 1.7.0_76-b13 (VMSA-2015-0003) (POODLE)
  • NASL family Misc.
    NASL id XEROX_XRX15AD_COLORQUBE.NASL
    description According to its model number and software version, the remote Xerox ColorQube device is affected by multiple OpenSSL vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. This vulnerability is known as GHOST. (CVE-2015-0235)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 87322
    published 2015-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87322
    title Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE)
  • NASL family CISCO
    NASL id CISCO-SA-20141015-POODLE-ASA.NASL
    description The remote Cisco ASA device is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. Note that all versions of ASA are affected; however, the workaround does not work for versions 8.0.x, 8.1.x, 9.0.x, and 9.1(1)x. Please refer to the advisory or contact the vendor for possible solutions.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78750
    published 2014-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78750
    title SSLv3 Padding Oracle On Downgraded Legacy Encryption in Cisco ASA Software (cisco-sa-20141015-poodle) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14237.NASL
    description - SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB address completion in the Compose window have improved ordering. - Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0. - In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented. - In the Compose window, a mnemonic (s) has been added to the Subject line. - The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed. - When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting. - A new QuickSearch filter has been added that searches a header's content only. H S : messages which contain S in the value of any header. - A Reply-To field has been added to the main Template configuration. - The menubar can now be hidden, default hotkey: F12. - Fancy plugin: A user-controlled stylesheet can now be used. - Python plugin: Add flag attributes to MessageInfo object. - Python plugin: Make 'account' property of ComposeWindow read/write. - Libravatar plugin: a network timeout option has been added. - Use 'gnutls_priority' hidden account preference for POP3 and STARTTLS connections, in addition to SMTP. - RSSyl plugin: Enable use of .netrc to store network credentials. - The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion. - Updated translations - Various Bugfixes New in 3.10.1 : - Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro). - RFE 3196, 'When changing quicksearch Search Type, set focus to search input box' - PGP/Core plugin: Generate 2048 bit RSA keys. - Major code cleanup. - Extended claws-mail.desktop with Compose and Receive actions. - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish, French, German,Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. - Bug fixes New in 3.10.0 : - Complete SSL certificate chains are now saved, and if built with Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made available. Both of these allow correct certificate verification instead of a bogus 'No certificate issuer found' status. - Auto-configuration of account email servers, based on SRV records, is now possible. (GLib >= 2.22 is required.) - Added a preference to avoid automatically drafting emails that are to be sent encrypted, (Configuration/Preferences/Compose/Writing). - Messages saved as Drafts are now saved as New, highlighting the Drafts folder, in order to draw the attention to unfinished mails there. - It is now possible to add a 'Replace signature' button to the Compose window toolbar. - Quotation wrapping and undo/redo in the Compose window has been improved. - 'Reply to all' now excludes your own address. - The 'Generate X-Mailer header' option has been renamed 'Add user agent header' and applies to both X-Mailer and X-Newsreader headers. - Added hidden preferences, 'address_search_wildcard' and 'folder_search_wildcard', to choose between matching from start of the folder name/address or any part of the name. (Activating these options restores the previous behaviour.) - Added hidden preference 'enable_avatars' to control the internal capture/render process, and which allows disabling it by external plugins for example. - 'Check for new folders' now only updates the folder list, not updating the contents of folders. If needed, it can be followed by 'Check for new messages' - When using Redirect, the redirecting account's address is used in the SMTP MAIL FROM instead of the original sender's address. - NEW: Libravatar plugin, which displays avatars from https://www.libravatar.org/ - Added support for an arbitrary number and sources of 'avatars' and images for email senders, and migrated Face and X-Face headers. - Avatars are now included when printing mails. - The GPG keyring can now be used as the source for address auto-completion. - The vCalendar and RSSyl plugins now have an option to disable SSL certificate verification (and check them by default). - The ClamAV plugin now pops up an error message only once instead of repeatedly - Updated the man page and the manual. - Updated Brazilian Portuguese, British English, Czech, Dutch, Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. - Added Esperanto translation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 80362
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80362
    title Fedora 19 : claws-mail-3.11.1-2.fc19 / claws-mail-plugins-3.11.1-1.fc19 / libetpan-1.6-1.fc19 (2014-14237) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17576.NASL
    description - Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* Prevent compiler warning 'Please include winsock2.h before windows.h' when using the OpenSSL headers\r\n* Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 80319
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80319
    title Fedora 21 : mingw-openssl-1.0.1j-1.fc21 (2014-17576) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-141119.NASL
    description java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues. These security issues has been fixed : - Unspecified vulnerability in Oracle Java SE 6u81. (CVE-2014-3065) - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. (CVE-2014-3566) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (CVE-2014-6513) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6532. (CVE-2014-6503) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6503. (CVE-2014-6532) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-4288) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-6493) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6492) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6458) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6466) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (CVE-2014-6506) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (CVE-2014-6515) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2014-6511) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (CVE-2014-6531) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6512) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (CVE-2014-6457) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6502) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (CVE-2014-6558) More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update _November_2014
    last seen 2017-10-29
    modified 2015-01-13
    plugin id 79634
    published 2014-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79634
    title SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9992)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SERVER_2_2_5.NASL
    description The remote Mac OS X 10.8 host has a version of OS X Server installed that is prior to version 2.2.5. It is, therefore, affected by an information disclosure vulnerability. An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78599
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78599
    title Mac OS X : OS X Server < 2.2.5 SSLv3 Information Disclosure (POODLE)
  • NASL family Misc.
    NASL id CUPS_2_0_1.NASL
    description According to its banner, the CUPS printer service installed on the remote host is a version prior to 2.0.1. It is, therefore, potentially affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 79580
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79580
    title CUPS < 2.0.1 SSLv3 Legacy Encryption Vulnerability (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-9110.NASL
    description Update to latest release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 86410
    published 2015-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86410
    title Fedora 22 : fossil-1.33-1.fc22 (2015-9110) (POODLE)
  • NASL family Misc.
    NASL id XEROX_XRX15AM.NASL
    description According to its model number and software version, the remote Xerox WorkCentre 3025 / 3215 / 3225 device is affected by multiple OpenSSL vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 87324
    published 2015-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87324
    title Xerox WorkCentre 3025 / 3215 / 3225 OpenSSL Multiple Vulnerabilities (XRX15AM) (FREAK) (POODLE)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0041.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - xend: disable sslv3 due to (CVE-2014-3566) - Keep the maxmem and memory same in vm.cfg Singed-off-by: Annie Li
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 79556
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79556
    title OracleVM 3.2 : xen (OVMSA-2014-0041) (POODLE)
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2015-0001.NASL
    description The VMware vCenter Server installed on the remote host is version 5.5 prior to Update 2d. It is, therefore, affected by multiple vulnerabilities in the included OpenSSL library : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. Man-in-the-middle attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 81146
    published 2015-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81146
    title VMware Security Updates for vCenter Server (VMSA-2015-0001) (POODLE)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201606-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201606-11 (claws-mail: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in claws-mail. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly intercept communications due to the default implementation of SSL 3.0. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-10-10
    plugin id 91842
    published 2016-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91842
    title GLSA-201606-11 : claws-mail: Multiple Vulnerabilities (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15390.NASL
    description This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominate uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface area for the behavior change we were introducing. It was also important that we validated that our changes were being applied in the variety of configurations we support in our APIs. With this release, we are confident that the only behavior change is that of the default allowed protocols do not include SSLv2 or SSLv3. Though you are still able to programatically consume those protocols if necessary. Included is the documentation that you can find at https://nodejs.org/api/tls.html#tls_protocol_support that describes how this works going forward for client and server implementations. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 79897
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79897
    title Fedora 19 : libuv-0.10.29-1.fc19 / nodejs-0.10.33-1.fc19 (2014-15390) (POODLE)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2014-288-01.NASL
    description New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen 2017-10-29
    modified 2016-12-09
    plugin id 78483
    published 2014-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78483
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-288-01) (POODLE)
  • NASL family Web Servers
    NASL id APACHE_TRAFFIC_SERVER_511.NASL
    description According to its banner, the version of Apache Traffic Server running on the remote host is 5.1.x prior to 5.1.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw exists in the remap logic which may allow an open relay to be enabled. (CVE-2014-3624) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2017-11-18
    modified 2016-05-24
    plugin id 80918
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80918
    title Apache Traffic Server 5.1.x < 5.1.1 Multiple Vulnerabilities (POODLE)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    description A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the- middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 80903
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80903
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-001.NASL
    description The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components : - AFP Server - Bluetooth - CoreGraphics - CoreSymbolication - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Sandbox - SceneKit - Security - security_taskgate - Spotlight - sysmond Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-11-02
    modified 2017-11-02
    plugin id 81088
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81088
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_76C7A0F5592811E4ADC7001999F8D30B.NASL
    description The Asterisk project reports : The POODLE vulnerability is described under CVE-2014-3566. This advisory describes the Asterisk's project susceptibility to this vulnerability.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 78611
    published 2014-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78611
    title FreeBSD : asterisk -- Asterisk Susceptibility to POODLE Vulnerability (76c7a0f5-5928-11e4-adc7-001999f8d30b) (POODLE)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141202_NSS__NSS_UTIL__AND_NSS_SOFTOKN_ON_SL5_X.NASL
    description This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. The nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2.3, which provides a number of bug fixes and enhancements over the previous version, and adds the support for Mozilla Firefox 31.3. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 79713
    published 2014-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79713
    title Scientific Linux Security Update : nss, nss-util, and nss-softokn on SL5.x, SL6.x, SL7.x i386/x86_64 (POODLE)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0085.NASL
    description Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 81005
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81005
    title CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2015:0085) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0086.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 91 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 81014
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81014
    title RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0086) (POODLE)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0037.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - disable sslv3 due to (CVE-2014-3566) - Allow to create more than 6 bonds Singed-off-by: Adnan Misherfi
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 79552
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79552
    title OracleVM 3.2 : ovs-agent (OVMSA-2014-0037) (POODLE)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-471.NASL
    description A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412 , CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585 , CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 80921
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80921
    title Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-471) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1512-1.NASL
    description compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issues were fixed : - Session ticket memory leak (CVE-2014-3567). - Fixed build option no-ssl3 (CVE-2014-3568). - Added support for TLS_FALLBACK_SCSV (CVE-2014-3566). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 83647
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83647
    title SUSE SLED12 Security Update : compat-openssl098 (SUSE-SU-2014:1512-1) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0503-1.NASL
    description This update fixes 13 security issues. These security issues were fixed : - CVE-2015-0395: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#914041). - CVE-2015-0400: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#914041). - CVE-2015-0383: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allowed local users to affect integrity and availability via unknown vectors related to Hotspot (bnc#914041). - CVE-2015-0412: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS (bnc#914041). - CVE-2015-0407: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#914041). - CVE-2015-0408: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI (bnc#914041). - CVE-2014-6585: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591 (bnc#914041). - CVE-2014-6587: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#914041). - CVE-2014-6591: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585 (bnc#914041). - CVE-2014-6593: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allowed remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#914041). - CVE-2014-6601: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#914041). - CVE-2015-0410: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allowed remote attackers to affect availability via unknown vectors related to Security (bnc#914041). - CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, used nondeterministic CBC padding, which made it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue (bnc#901223). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-12-28
    modified 2017-12-28
    plugin id 83699
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83699
    title SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:0503-1) (POODLE)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0067.NASL
    description From Red Hat Security Advisory 2015:0067 : Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 80899
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80899
    title Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-0067) (POODLE)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_OPENSSL_20141104.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. (CVE-2014-3513) - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. (CVE-2014-3566) - Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. (CVE-2014-3567) - OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. (CVE-2014-3568)
    last seen 2017-10-29
    modified 2016-10-25
    plugin id 80725
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80725
    title Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl6) (POODLE)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL
    description A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the- middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 80902
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80902
    title Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1692.NASL
    description Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Storage 2.1. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 79060
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79060
    title RHEL 6 : Storage Server (RHSA-2014:1692) (POODLE)
  • NASL family Misc.
    NASL id APPLETV_7_0_1.NASL
    description According to its banner, the remote Apple TV device is a version prior to 7.0.1. It is, therefore, affected by the following vulnerabilities : - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - A error exists that permits unencrypted connections for Human Interface Device (HID) class Bluetooth Low Energy accessories. This allows a local attacker to spoof another legitimate Bluetooth device to bypass pairing. (CVE-2014-4428)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78871
    published 2014-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78871
    title Apple TV < 7.0.1 Multiple Vulnerabilities (POODLE)
  • NASL family Web Servers
    NASL id SPLUNK_5011.NASL
    description According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.11. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2017-10-29
    modified 2016-05-12
    plugin id 79721
    published 2014-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79721
    title Splunk Enterprise 5.0.x < 5.0.11 Multiple Vulnerabilities (POODLE)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-203.NASL
    description Multiple vulnerabilities has been discovered and corrected in openssl : OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566). When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack (CVE-2014-3567). The updated packages have been upgraded to the 1.0.0o version where these security flaws has been fixed.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78665
    published 2014-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78665
    title Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL
    description Oracle reports : Lynx is vulnerable to POODLE by still supporting vulnerable version of SSL. Lynx is also vulnerable to URL attacks by incorrectly parsing hostnames ending with an '?'.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 96363
    published 2017-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96363
    title FreeBSD : lynx -- multiple vulnerabilities (03532a19-d68e-11e6-9171-14dae9d210b8) (POODLE)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-472.NASL
    description Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601 , CVE-2015-0437) Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412 , CVE-2014-6549 , CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585 , CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 80922
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80922
    title Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-472) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1457-1.NASL
    description - Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option 'tls_versions' to the imapd.conf file. Note that users who upgrade existing installation of this package will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv1 and SSLv2 like before. To disable support for those protocols, it's necessary to edit imapd.conf manually to state 'tls_versions: tls1_0 tls1_1 tls1_2'. New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support SSLv1 and SSLv2 unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie–Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 91650
    published 2016-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91650
    title SUSE SLES12 Security Update : cyrus-imapd (SUSE-SU-2016:1457-1) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1524-1.NASL
    description openssl was updated to fix four security issues. These security issues were fixed : - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 83648
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83648
    title SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2014:1524-1) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1948.NASL
    description Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 The nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2.3, which provides a number of bug fixes and enhancements over the previous version, and adds the support for Mozilla Firefox 31.3. (BZ#1158159, BZ#1165003, BZ#1165525) Users of nss, nss-util, and nss-softokn are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue, fix these bugs, and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 79685
    published 2014-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79685
    title RHEL 5 / 6 / 7 : nss, nss-util, and nss-softokn (RHSA-2014:1948) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14217.NASL
    description - SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566. - Several PGP/Core plugin improvements - A new version of the RSSyl plugin, completely redesigned and rewritten. - The results of TAB address completion in the Compose window have improved ordering. - Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0. - In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented. - In the Compose window, a mnemonic (s) has been added to the Subject line. - The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed. - When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting. - A new QuickSearch filter has been added that searches a header's content only. H S : messages which contain S in the value of any header. - A Reply-To field has been added to the main Template configuration. - The menubar can now be hidden, default hotkey: F12. - Fancy plugin: A user-controlled stylesheet can now be used. - Python plugin: Add flag attributes to MessageInfo object. - Python plugin: Make 'account' property of ComposeWindow read/write. - Libravatar plugin: a network timeout option has been added. - Use 'gnutls_priority' hidden account preference for POP3 and STARTTLS connections, in addition to SMTP. - RSSyl plugin: Enable use of .netrc to store network credentials. - The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion. - Updated translations - Various Bugfixes New in 3.10.1 : - Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro). - RFE 3196, 'When changing quicksearch Search Type, set focus to search input box' - PGP/Core plugin: Generate 2048 bit RSA keys. - Major code cleanup. - Extended claws-mail.desktop with Compose and Receive actions. - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish, French, German,Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. - Bug fixes New in 3.10.0 : - Complete SSL certificate chains are now saved, and if built with Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made available. Both of these allow correct certificate verification instead of a bogus 'No certificate issuer found' status. - Auto-configuration of account email servers, based on SRV records, is now possible. (GLib >= 2.22 is required.) - Added a preference to avoid automatically drafting emails that are to be sent encrypted, (Configuration/Preferences/Compose/Writing). - Messages saved as Drafts are now saved as New, highlighting the Drafts folder, in order to draw the attention to unfinished mails there. - It is now possible to add a 'Replace signature' button to the Compose window toolbar. - Quotation wrapping and undo/redo in the Compose window has been improved. - 'Reply to all' now excludes your own address. - The 'Generate X-Mailer header' option has been renamed 'Add user agent header' and applies to both X-Mailer and X-Newsreader headers. - Added hidden preferences, 'address_search_wildcard' and 'folder_search_wildcard', to choose between matching from start of the folder name/address or any part of the name. (Activating these options restores the previous behaviour.) - Added hidden preference 'enable_avatars' to control the internal capture/render process, and which allows disabling it by external plugins for example. - 'Check for new folders' now only updates the folder list, not updating the contents of folders. If needed, it can be followed by 'Check for new messages' - When using Redirect, the redirecting account's address is used in the SMTP MAIL FROM instead of the original sender's address. - NEW: Libravatar plugin, which displays avatars from https://www.libravatar.org/ - Added support for an arbitrary number and sources of 'avatars' and images for email senders, and migrated Face and X-Face headers. - Avatars are now included when printing mails. - The GPG keyring can now be used as the source for address auto-completion. - The vCalendar and RSSyl plugins now have an option to disable SSL certificate verification (and check them by default). - The ClamAV plugin now pops up an error message only once instead of repeatedly - Updated the man page and the manual. - Updated Brazilian Portuguese, British English, Czech, Dutch, Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. - Added Esperanto translation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 79096
    published 2014-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79096
    title Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3147.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 81111
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81111
    title Debian DSA-3147-1 : openjdk-6 - security update (POODLE)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0069.NASL
    description Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601, CVE-2015-0437) Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 80870
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80870
    title CentOS 6 : java-1.8.0-openjdk (CESA-2015:0069) (POODLE)
  • NASL family Windows
    NASL id STUNNEL_5_06.NASL
    description The version of stunnel installed on the remote host is prior to version 5.06. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2017-10-29
    modified 2016-07-29
    plugin id 78584
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78584
    title stunnel < 5.06 OpenSSL Multiple Vulnerabilities (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0080.NASL
    description Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 31 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 80932
    published 2015-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80932
    title RHEL 6 : java-1.8.0-oracle (RHSA-2015:0080) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-15411.NASL
    description This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominate uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface area for the behavior change we were introducing. It was also important that we validated that our changes were being applied in the variety of configurations we support in our APIs. With this release, we are confident that the only behavior change is that of the default allowed protocols do not include SSLv2 or SSLv3. Though you are still able to programatically consume those protocols if necessary. Included is the documentation that you can find at https://nodejs.org/api/tls.html#tls_protocol_support that describes how this works going forward for client and server implementations. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-10-18
    plugin id 79898
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79898
    title Fedora 21 : libuv-0.10.29-1.fc21 / nodejs-0.10.33-1.fc21 (2014-15411) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-294.NASL
    description This update for libopenssl0_9_8 fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to : - Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - The package was updated to 0.9.8zh : - fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166 - avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787) - fix CVE-2015-3197 (boo#963415) - SSLv2 doesn't block disabled ciphers
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 89651
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89651
    title openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0698.NASL
    description Updated rhevm-spice-client packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029, CVE-2014-8137, CVE-2011-4516, CVE-2011-4517, CVE-2008-3520, CVE-2008-3522) Red Hat would like to thank oCERT for reporting CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029, CVE-2011-4516, and CVE-2011-4517. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter of CVE-2014-8137 and CVE-2014-8138; and pyddeh as the original reporter of CVE-2014-8157 and CVE-2014-8158. The mingw-openssl and mingw-jasper packages have been upgraded to the latest upstream version, which provides a number of bug fixes and enhancements over the previous version. (BZ#1187585) This update also fixes the following bugs : * Previously, a guest system installed with tools incorrectly always started in full screen mode, even when the 'Open in Full Screen' option was unchecked in console options. Now, when connecting in window mode with the option unchecked, the guest system starts in a window as expected. (BZ#1172126) * Prior to this update, copying and pasting of images from the client to the guest did not work when spice-gtk was built from upstream. Now, images can be copied and pasted without problems. (BZ#1187270) In addition, this update adds the following enhancement : * Administrators now have the option of automatic multiuser installation of virt-viewer onto many client workstations. (BZ#1187272) All rhevm-spice-client users are advised to upgrade to these updated packages, which correct these issues and add these enhancement.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 81969
    published 2015-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81969
    title RHEL 6 : rhevm-spice-client (RHSA-2015:0698) (POODLE)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL
    description The OpenSSL Project reports : A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. [CVE-2014-3513]. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567]. OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566]. When OpenSSL is configured with 'no-ssl3' as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 78495
    published 2014-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78495
    title FreeBSD : OpenSSL -- multiple vulnerabilities (03175e62-5494-11e4-9cc1-bc5ff4fb5e7b) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PURE-FTPD-141120.NASL
    description pure-ftpd was updated to fix one security issue and two non-security bugs : - SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE. (CVE-2014-3566, bnc#902229) - Added the disable_ascii option. (bnc#828469) - Fixed wait on TLS handshake. (bnc#856424)
    last seen 2017-10-29
    modified 2015-01-13
    plugin id 79739
    published 2014-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79739
    title SuSE 11.3 Security Update : pure-ftpd (SAT Patch Number 10004)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141016_OPENSSL_ON_SL6_X.NASL
    description This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see Upstream's Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 78537
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78537
    title Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0068.NASL
    description Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 80881
    published 2015-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80881
    title RHEL 5 : java-1.7.0-openjdk (RHSA-2015:0068) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-IBM-141121.NASL
    description java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues. These security issues have been fixed : - Unspecified vulnerability. (CVE-2014-3065) - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. (CVE-2014-3566) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (CVE-2014-6513) - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2014-6456) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6532. (CVE-2014-6503) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6493 / CVE-2014-6503. (CVE-2014-6532) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-4288) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288 / CVE-2014-6503 / CVE-2014-6532. (CVE-2014-6493) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6492) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6458) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2014-6466) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (CVE-2014-6506) - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. (CVE-2014-6476) - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (CVE-2014-6515) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (CVE-2014-6511) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (CVE-2014-6531) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6512) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (CVE-2014-6457) - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. (CVE-2014-6527) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6502) - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (CVE-2014-6558) More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update _November_2014
    last seen 2017-10-29
    modified 2015-01-13
    plugin id 79635
    published 2014-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79635
    title SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9999)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3053.NASL
    description Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. - CVE-2014-3513 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. - CVE-2014-3566 ('POODLE') A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This update adds support for Fallback SCSV to mitigate this issue. - CVE-2014-3567 A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. - CVE-2014-3568 When OpenSSL is configured with 'no-ssl3' as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 78520
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78520
    title Debian DSA-3053-1 : openssl - security update (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1882.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 2 December 2014] This advisory has been updated to include updated java-1.7.0-ibm-jdbc and java-1.7.0-ibm-plugin packages, which were previously missing from this erratum. No changes were made to the other packages in this erratum. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. Note: This is the last update for the java-1.7.0-ibm packages distributed via the Red Hat Enterprise Linux 6 Supplementary channels. The RHEA-2014:1619 advisory, released as a part of Red Hat Enterprise Linux 6.6, introduced the new java-1.7.1-ibm packages. These packages contain IBM Java SE version 7 Release 1, which adds multiple enhancements over the IBM Java SE version 7 in the java-1.7.0-ibm packages. All java-1.7.0-ibm users must migrate to java-1.7.1-ibm packages to continue receiving updates for the IBM Java SE version 7 via the Red Hat Enterprise Linux 6 Supplementary channel. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 79379
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79379
    title RHEL 6 : java-1.7.0-ibm (RHSA-2014:1882) (POODLE)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0069.NASL
    description From Red Hat Security Advisory 2015:0069 : Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601, CVE-2015-0437) Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 80901
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80901
    title Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2015-0069) (POODLE)
  • NASL family Misc.
    NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL
    description The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet (only in 5.0 / 5.1) - SGD SSL Daemon (ttassl) - Web Server
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 80912
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80912
    title Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-218.NASL
    description Multiple vulnerabilities has been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations (CVE-2014-6610). Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566). Mixed IP address families in access control lists may permit unwanted traffic. High call load may result in hung channels in ConfBridge. Permission escalation through ConfBridge actions/dialplan functions. The updated packages has been upgraded to the 11.14.1 version which is not vulnerable to these issues.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 79405
    published 2014-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79405
    title Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-157.NASL
    description Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 82140
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82140
    title Debian DLA-157-1 : openjdk-6 security update (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2396-1.NASL
    description This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements : - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements to migrate.pl. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI). - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Fix logical AND support in OpenSSL cipher compatibility. - Correctly handle disabled ciphers. (CVE-2015-5244) - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in NSS. - Add compatibility for mod_ssl-style cipher definitions. - Add TLSv1.2-specific ciphers. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Fix CVE-2013-4566. - Move nss_pcache to /usr/libexec. - Support httpd 2.4+. - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 93767
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93767
    title SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2396-1) (POODLE)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-480.NASL
    description A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412 , CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585 , CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat.
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 81326
    published 2015-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81326
    title Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-480) (POODLE)
  • NASL family Windows
    NASL id IBM_DOMINO_9_0_1_FP2.NASL
    description The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
    last seen 2017-10-29
    modified 2017-07-05
    plugin id 77811
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77811
    title IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1387-1.NASL
    description This OpenSSL update fixes the following issues : - Session Ticket Memory Leak (CVE-2014-3567) - Build option no-ssl3 is incomplete ((CVE-2014-3568) - Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 83641
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83641
    title SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:1387-1) (POODLE)
  • NASL family Web Servers
    NASL id WEBSPHERE_7_0_0_37.NASL
    description The IBM WebSphere Application Server running on the remote host is version 7.0 prior to Fix Pack 37. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566 / PI27101) - An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819) - An error exists related to the administrative console that can allow 'click-jacking' attacks. (CVE-2014-6174 / PI27152) - Multiple errors exist in the bundled IBM Java SDK. These errors are corrected by the October 2014 IBM Java SDK updates. (CVE-2014-6457, CVE-2014-6512, CVE-2014-6558 / PI27101) - Multiple errors exist in the bundled IBM Java SDK. These errors are corrected by the January 2015 IBM Java SDK updates. (CVE-2014-6593, CVE-2015-0400, CVE-2015-0410) / PI33407
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 81825
    published 2015-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81825
    title IBM WebSphere Application Server 7.0 < Fix Pack 37 Multiple Vulnerabilities (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1876.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 79351
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79351
    title RHEL 5 : java-1.7.0-ibm (RHSA-2014:1876) (POODLE)
  • NASL family Windows
    NASL id CISCO_ANYCONNECT_3_1_5187.NASL
    description The remote host has a version of Cisco AnyConnect prior to 3.1(5187). It is, therefore, affected by an information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78676
    published 2014-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78676
    title Cisco AnyConnect Secure Mobility Client < 3.1(5187) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_COMPAT-OPENSSL097G-141202.NASL
    description The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues : - Build option no-ssl3 is incomplete. (CVE-2014-3568) - Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566) - Information leak in pretty printing functions. (CVE-2014-3508) - OCSP bad key DoS attack. (CVE-2013-0166) - SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169) - Anonymous ECDH denial of service. (CVE-2014-3470) - SSL/TLS MITM vulnerability (CVE-2014-0224)
    last seen 2017-10-29
    modified 2015-01-28
    plugin id 79738
    published 2014-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79738
    title SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0085.NASL
    description From Red Hat Security Advisory 2015:0085 : Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 81011
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81011
    title Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0085) (POODLE)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1652.NASL
    description From Red Hat Security Advisory 2014:1652 : Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 78529
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78529
    title Oracle Linux 6 / 7 : openssl (ELSA-2014-1652) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-459.NASL
    description This update for slrn contains one security improvement : - CVE-2014-3566: Disable SSLv3 to prevent POODLE attack (boo#1031023) The version 1.0.3 also contains a number of display and message processing improvements.
    last seen 2017-10-29
    modified 2017-04-12
    plugin id 99297
    published 2017-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99297
    title openSUSE Security Update : slrn (openSUSE-2017-459) (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SERVER_4_0.NASL
    description The remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - A cross-site scripting flaw exists in the Xcode Server due to not properly validating input before returning it to the user. This can allow a remote attacker, using a specially crafted request, to execute code within the browser / server trust relationship. (CVE-2014-4406) - A SQL injection flaw exists in the Wiki Server due to not properly sanitizing user input before using it in SQL queries. This can allow a remote attacker, using a specially crafted request, to inject or manipulate SQL queries, thus allowing the manipulation or disclosure of arbitrary data. (CVE-2014-4424) - A restriction bypass flaw exists in the Mail Server due to SCAL changes being cached and not enforced until the service had restarted. This can allow an authenticated remote attacker to bypass those restrictions. (CVE-2014-4446) - A password disclosure flaw exists in the Profile Manager due to passwords being potentially saved to a file when editing or setting up a profile. This can allow a local attacker to gain access to password information. (CVE-2014-4447)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 78601
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78601
    title Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0264.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) The CVE-2014-4262 and CVE-2014-6512 issues were discovered by Florian Weimer of Red Hat Product Security. Users of Red Hat Satellite 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 81505
    published 2015-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81505
    title RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1881.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-6457, CVE-2014-6502, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6531, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP8 release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 79378
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79378
    title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3489.NASL
    description lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.
    last seen 2017-10-29
    modified 2016-10-10
    plugin id 88941
    published 2016-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88941
    title Debian DSA-3489-1 : lighttpd - security update (POODLE)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    description Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601, CVE-2015-0437) Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the- middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 80904
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80904
    title Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (POODLE)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_43.NASL
    description According to its self-reported version number, the Apache Tomcat service listening on the remote host is 6.0.x prior to 6.0.43. It is, therefore, affected by the following vulnerabilities : - An error exists in the function 'ssl3_read_bytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298) - A buffer overflow error exists related to invalid DTLS fragment handling that can lead to the execution of arbitrary code. Note that this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195) - An error exists in the function 'do_ssl3_write' that can allow a NULL pointer to be dereferenced leading to denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198) - An error exists related to DTLS handshake handling that can lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client. (CVE-2014-0221) - An unspecified error exists in how ChangeCipherSpec messages are processed that can allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks. (CVE-2014-0224) - An unspecified error exists related to anonymous ECDH cipher suites that can allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) - A memory double-free error exists in 'd1_both.c' related to handling DTLS packets that allows denial of service attacks. (CVE-2014-3505) - An unspecified error exists in 'd1_both.c' related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed. (CVE-2014-3506) - A memory leak error exists in 'd1_both.c' related to handling specially crafted DTLS packets that allows denial of service attacks. (CVE-2014-3507) - An error exists in the 'OBJ_obj2txt' function when various 'X509_name_*' pretty printing functions are used, which leak process stack data, resulting in an information disclosure. (CVE-2014-3508) - An error exists related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509) - A NULL pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allows denial of service attacks against clients. (CVE-2014-3510) - An error exists related to handling fragmented 'ClientHello' messages that allows a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511) - Buffer overflow errors exist in 'srp_lib.c' related to handling Secure Remote Password protocol (SRP) parameters, which can allow a denial of service or have other unspecified impact. (CVE-2014-3512) - A memory leak issue exists in 'd1_srtp.c' related to the DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. Man-in-the-middle attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - A memory leak issue exists in 't1_lib.c' related to session ticket handling that can allow denial of service attacks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) - A NULL pointer dereference error exists in 't1_lib.c', related to handling Secure Remote Password protocol (SRP) ServerHello messages, which allows a malicious server to crash a client, resulting in a denial of service. (CVE-2014-5139) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-05-22
    modified 2018-05-21
    plugin id 81649
    published 2015-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81649
    title Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2285-1.NASL
    description This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements : - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements to migrate.pl. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI). - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Fix logical AND support in OpenSSL cipher compatibility. - Correctly handle disabled ciphers. (CVE-2015-5244) - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in NSS. - Add compatibility for mod_ssl-style cipher definitions. - Add TLSv1.2-specific ciphers. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Fix CVE-2013-4566. - Move nss_pcache to /usr/libexec. - Support httpd 2.4+. - Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 93457
    published 2016-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93457
    title SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2285-1) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1339.NASL
    description This update for monit fixes the following issues : - CVE-2016-7067: A malicious attacker could have used a cross-site request forgery vulnerability to trick an authenticated user to perform monit actions. Monit was updated to 5.20, containing all upstream improvements and bug fixes. The following tracked packaging bugs were fixed : - disable sslv3 according to RFC7568 (boo#974763) - fixed pid file directory (boo#971647)
    last seen 2017-10-29
    modified 2016-11-23
    plugin id 95272
    published 2016-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95272
    title openSUSE Security Update : monit (openSUSE-2016-1339) (POODLE)
  • NASL family Web Servers
    NASL id TOMCAT_8_0_15.NASL
    description According to its self-reported version number, the Apache Tomcat server listening on the remote host is 8.0.x prior to 8.0.15. It is, therefore, affected by the following vulnerabilities : - A memory double-free error exists in 'd1_both.c' related to handling DTLS packets that allows denial of service attacks. (CVE-2014-3505) - An unspecified error exists in 'd1_both.c' related to handling DTLS handshake messages that allows denial of service attacks due to large amounts of memory being consumed. (CVE-2014-3506) - A memory leak error exists in 'd1_both.c' related to handling specially crafted DTLS packets that allows denial of service attacks. (CVE-2014-3507) - An error exists in the 'OBJ_obj2txt' function when various 'X509_name_*' pretty printing functions are used, which leak process stack data, resulting in an information disclosure. (CVE-2014-3508) - An error exists related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509) - A NULL pointer dereference error exists related to handling anonymous ECDH cipher suites and crafted handshake messages that allows denial of service attacks against clients. (CVE-2014-3510) - An error exists related to handling fragmented 'ClientHello' messages that allows a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511) - Buffer overflow errors exist in 'srp_lib.c' related to handling Secure Remote Password protocol (SRP) parameters, which can allow a denial of service or have other unspecified impact. (CVE-2014-3512) - A memory leak issue exists in 'd1_srtp.c' related to the DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks. (CVE-2014-3513) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. Man-in-the-middle attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - A memory leak issue exists in 't1_lib.c' related to session ticket handling that can allow denial of service attacks. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) - A NULL pointer dereference error exists in 't1_lib.c', related to handling Secure Remote Password protocol (SRP) ServerHello messages, which allows a malicious server to crash a client, resulting in a denial of service. (CVE-2014-5139) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-01-26
    modified 2018-01-24
    plugin id 81651
    published 2015-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81651
    title Apache Tomcat 8.0.x < 8.0.15 Multiple Vulnerabilities (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-12951.NASL
    description Update fixing three moderate security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-08
    plugin id 78799
    published 2014-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78799
    title Fedora 21 : openssl-1.0.1j-1.fc21 (2014-12951) (POODLE)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201507-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-201507-14 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact : An context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime. Workaround : There is no workaround at this time.
    last seen 2017-10-29
    modified 2016-10-10
    plugin id 84719
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84719
    title GLSA-201507-14 : Oracle JRE/JDK: Multiple vulnerabilities (POODLE)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-062.NASL
    description Multiple vulnerabilities has been discovered and corrected in openssl : Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204). The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205). Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206). Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209). The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286). The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287). The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288). The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 82315
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82315
    title Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)
  • NASL family CGI abuses
    NASL id SPLUNK_607.NASL
    description According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A flaw exists in the included OpenSSL library due to handling session tickets that have not been properly verified for integrity. A remote attacker, by using a large number of invalid session tickets, can exploit this to cause a denial of service. (CVE-2014-3567) - A cross-site scripting flaw exists within the Dashboard due to improperly validating input. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship. (CVE-2014-5466) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2017-10-29
    modified 2016-05-12
    plugin id 79723
    published 2014-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79723
    title Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0085.NASL
    description Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. (CVE-2014-6601) Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2015-0408) A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395) A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410) A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566) Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section. It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383) The CVE-2015-0383 issue was discovered by Red Hat. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2017-10-29
    modified 2017-01-06
    plugin id 81013
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81013
    title RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0085) (POODLE)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL
    description The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 31, 7 Update 75, 6 Update 91, or 5 Update 81. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Deployment - Hotspot - Install - JAX-WS - JSSE - Libraries - RMI - Security - Serviceability - Swing
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 80907
    published 2015-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80907
    title Oracle Java SE Multiple Vulnerabilities (January 2015 CPU) (Unix) (POODLE)
  • NASL family Windows
    NASL id VMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL
    description The version of VMware vCenter Chargeback Manager installed on the remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 82899
    published 2015-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82899
    title VMware vCenter Chargeback Manager Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
  • NASL family Windows
    NASL id SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL
    description The remote host is running a version of SolarWinds DameWare Mini Remote Control prior to 12.0 Hotfix 2. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    last seen 2017-10-29
    modified 2015-11-23
    plugin id 86995
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86995
    title SolarWinds DameWare Mini Remote Control < 12.0 Hotfix 2 SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2014-005.NASL
    description The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2014-005 applied. This update contains several security-related fixes for the following issues : - A command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system. (CVE-2014-6271, CVE-2014-7169) - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-10-29
    modified 2017-04-25
    plugin id 78551
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78551
    title Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10.NASL
    description The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2017-10-29
    modified 2017-04-25
    plugin id 78550
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78550
    title Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1653.NASL
    description From Red Hat Security Advisory 2014:1653 : Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 78530
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78530
    title Oracle Linux 5 : openssl (ELSA-2014-1653) (POODLE)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-605.NASL
    description The following issues were fixed in this release : CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 78733
    published 2014-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78733
    title openSUSE Security Update : openssl (openSUSE-SU-2014:1331-1) (POODLE)
  • NASL family Web Servers
    NASL id WEBSPHERE_8_5_5_4.NASL
    description The IBM WebSphere Application Server running on the remote host is version 8.5 prior to Fix Pack 8.5.5.4. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that can allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070) - An unspecified error exists related to HTTP headers that can allow information disclosure. (CVE-2014-3021 / PI08268) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566 / PI28435, PI28436, PI28437) - An unspecified input validation errors exist related to the administrative console that can allow cross-site scripting and cross-site request forgery attacks. (CVE-2014-4770, CVE-2014-4816 / PI23055) - An unspecified error exists that can allow OpenID and OpenID Connect cookies to be spoofed, allowing information disclosure. (CVE-2014-6164 / PI23430) - An error exists related to the Communications Enabled Applications (CEA) service that can allow XML External Entity Injection (XXE) attacks leading to information disclosure. This only occurs if CEA is enabled. By default this is disabled. (CVE-2014-6166 / PI25310) - An input validation error exists related to session input using URL rewriting that can allow cross-site scripting attacks. (CVE-2014-6167 / PI23819) - An error exists related to the administrative console that can allow 'click-jacking' attacks. (CVE-2014-6174 / PI27152) - An error exists related to deployment descriptor security constraints and ServletSecurity annotations on a servlet that can allow privilege escalation. Note that this issue only affects the 'Liberty Profile'. (CVE-2014-8890 / PI29911)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 80398
    published 2015-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80398
    title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.4 Multiple Vulnerabilities (POODLE)
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY11.NASL
    description The version of OpenSSL installed on the remote host is affected by the following vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks. (CVE-2014-3513) - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - An error exists related to session ticket handling that can allow denial of service attacks via memory leaks. (CVE-2014-3567)
    last seen 2018-06-12
    modified 2018-06-12
    plugin id 78772
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78772
    title AIX OpenSSL Advisory : openssl_advisory11.asc (POODLE)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV73976.NASL
    description A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    last seen 2018-06-13
    modified 2018-06-12
    plugin id 84275
    published 2015-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84275
    title AIX 6.1 TL 9 : nettcp (IV73976) (POODLE)
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2015-0003.NASL
    description The VMware vCenter Server installed on the remote host is version 5.0 prior to 5.0u3d, 5.1 prior to 5.1u3a, 5.5 prior to 5.5u2e, or 6.0 prior to 6.0.0a. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE, related to the bundled JRE component. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. Additionally, multiple unspecified vulnerabilities also exist in the following bundled JRE components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 83186
    published 2015-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83186
    title VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
  • NASL family Windows
    NASL id VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL
    description The VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - An XML external entity (XXE) injection vulnerability exists in the included Flex BlazeDS component due to an incorrect configuration of the XML parser that allows external XML entities to be accepted from untrusted sources. An unauthenticated, remote attacker can exploit this vulnerability, via a via a crafted AMF message, to gain access to sensitive information. (CVE-2015-3269) - A flaw exists in the bundled Adobe ColdFusion and LiveCycle Data Services components related to request handling between a user and the server. A remote attacker can exploit this, via a specially crafted request, to bypass access restrictions (e.g. host or network ACLs), conduct port scanning of internal networks, enumerate internal hosts, or possibly invoke additional protocols (e.g. Gopher, TFTP). (CVE-2015-5255) Additionally, unspecified vulnerabilities also exist in the following bundled Java components : - 2D (CVE-2014-6585, CVE-2014-6591) - Deployment (CVE-2015-0403, CVE-2015-0406) - Hotspot (CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0437) - Installation (CVE-2015-0421) - JAX-WS (CVE-2015-0412) - JSSE (CVE-2014-6593) - Libraries (CVE-2014-6549, CVE-2014-6587, CVE-2015-0400) - RMI (CVE-2015-0408) - Security (CVE-2015-0410) - Serviceability (CVE-2015-0413) - Swing (CVE-2015-0407)
    last seen 2017-10-29
    modified 2017-02-10
    plugin id 82741
    published 2015-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82741
    title VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)
  • NASL family Databases
    NASL id ORACLE_RDBMS_CPU_JUL_2017.NASL
    description The remote Oracle Database Server is missing the July 2017 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183) - An unspecified vulnerability exists in the RDBMS Security component that allows a local attacker to impact integrity. Note that the attacker would need to have Create Session or Select Any Dictionary privileges. (CVE-2017-10120) - An unspecified vulnerability exists in the OJVM component that allows an authenticated, remote attacker to impact confidentiality, integrity, and availability. Note that the attacker would need to have Create Session or Create Procedure privileges. (CVE-2017-10202)
    last seen 2018-05-22
    modified 2018-05-21
    plugin id 101836
    published 2017-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101836
    title Oracle Database Multiple Vulnerabilities (July 2017 CPU) (POODLE) (SWEET32)
  • NASL family Windows
    NASL id IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL
    description The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries : - An error exists in the libcURL and OpenSSL libraries related to an IP address that uses a wildcard in the subject's Common Name (CN) field of an X.509 certificate. A man-in-the-middle attacker can exploit this issue to spoof SSL servers. (CVE-2014-0139) - An error exists in the OpenSSL library related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509) - An error exists in the OpenSSL library related to handling fragmented 'ClientHello' messages that allow a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511) - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - An information disclosure flaw exists in the Java library within the 'share/classes/sun/security/rsa/RSACore.java' class related to 'RSA blinding' caused during operations using private keys and measuring timing differences. This allows a remote attacker to gain information about used keys. (CVE-2014-4244) - A flaw exists in the Java library within the 'validateDHPublicKey' function in the 'share/classes/sun/security/util/KeyUtil.java' class which is triggered during the validation of Diffie-Hellman public key parameters. This allows a remote attacker to recover a key. (CVE-2014-4263) - A NULL pointer dereference error exists in the OpenSSL library related to handling Secure Remote Password protocol (SRP) that allows a malicious server to crash a client, resulting in a denial of service. (CVE-2014-5139)
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 81784
    published 2015-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81784
    title IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0068.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details.
    last seen 2017-10-29
    modified 2017-02-14
    plugin id 84140
    published 2015-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84140
    title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_OCT2014_ADVISORY.NASL
    description The version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A privilege escalation vulnerability in the IBM Java SDK allows a local attacker to inject arbitrary code into the shared classes cache due to a flaw in the default configuration for the shared classes feature. Other users are able to execute the injected code, which can allow the attacker to gain elevated privileges. (CVE-2014-3065) - Oracle Java contains the flaw related to SSLv3 CBC-mode ciphers known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-4288, CVE-2014-6492, CVE-2014-6493, CVE-2014-6503, CVE-2014-6532) - A session hijacking vulnerability exists in Oracle Java due to a flaw related to handling of server certificate changes during SSL/TLS renegotiation. This allows an attacker to intercept communication between a client and server to hijack a mutually authenticated session. (CVE-2014-6457) - Privilege escalation vulnerabilities exist in Oracle Java within the the Deployment subcomponent. (CVE-2014-6458, CVE-2014-6466) - Data integrity vulnerabilities exist in Oracle Java within the the Deployment subcomponent. (CVE-2014-6476, CVE-2014-6515, CVE-2014-6527) - A privilege escalation vulnerability exists in Oracle Java in the resource bundle handling code of the 'LogRecord::readObject' function within the file 'share/classes/java/util/logging/LogRecord.java', which allows an attacker to bypass certain sandbox restrictions. (CVE-2014-6502) - A privilege escalation vulnerability exists in Oracle Java within the property processing and name handling code of 'share/classes/java/util/ResourceBundle.java', which allows an attacker to bypass certain sandbox restrictions. (CVE-2014-6506) - Oracle Java contains an unspecified vulnerability in the 2D subcomponent. (CVE-2014-6511) - An information disclosure vulnerability exists in Oracle Java due to a flaw related to the wrapping of datagram sockets in the DatagramSocket implementation. This issue may cause packets to be read that originate from other sources than the connected, thus allowing a remote attacker to carry out IP spoofing. (CVE-2014-6512) - A flaw exists in the way splash images are handled by 'windows/native/sun/awt/splashscreen/splashscreen_sys.c' which allows remote code execution. (CVE-2014-6513) - A privilege escalation vulnerability exists in Oracle Java in 'share/classes/java/util/logging/Logger.java' because it fails to check permissions in certain cases, allowing an attacker to bypass sandbox restrictions and view or edit logs. (CVE-2014-6531) - A flaw related to input cipher streams within the file 'share/classes/javax/crypto/CipherInputStream.java' can allow a remote attacker to affect the data integrity. (CVE-2014-6558)
    last seen 2018-06-12
    modified 2018-06-11
    plugin id 79626
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79626
    title AIX Java Advisory : java_oct2014_advisory.asc (POODLE)
  • NASL family CISCO
    NASL id CISCO-SA-20141015-POODLE-CUCM.NASL
    description According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    last seen 2017-10-29
    modified 2016-05-24
    plugin id 79218
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79218
    title Cisco Unified Communications Manager SSLv3 Information Disclosure (cisco-sa-20141015-poodle) (POODLE)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_FEB2015_ADVISORY.NASL
    description The version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - Information disclosure flaws exist in the font parsing code in the 2D component in OpenJDK. A specially crafted font file can exploit boundary check flaws and allow an untrusted Java applet or application to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591) - A NULL pointer dereference flaw exists in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java applet or application can use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587) - The SSL/TLS implementation in the JSSE component in OpenJDK fails to properly check whether the ChangeCipherSpec was received during a SSL/TLS connection handshake. An MitM attacker can use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593) - An unspecified privilege escalation vulnerability exists in IBM Java Virtual Machine. (CVE-2014-8891) - An unspecified information disclosure vulnerability exists in the Libraries component of Oracle Java SE. (CVE-2015-0400) - An unspecified information disclosure vulnerability exists in the Deployment component of Oracle Java SE. (CVE-2015-0403) - Unspecified denial of service and information disclosure vulnerabilities exist in the Deployment component of Oracle Java SE. (CVE-2015-0406) - An information disclosure vulnerability exists in the Swing component in OpenJDK. An untrusted Java applet or application can use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407) - Multiple improper permission check vulnerabilities exist in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java applet or application can use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408) - A denial of service vulnerability exists in the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK when handling negative length values. A specially crafted, DER-encoded input can cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)
    last seen 2018-06-13
    modified 2018-06-12
    plugin id<