| nessus
via4
|
| NASL family | General | | NASL id | IBM_TSM_SERVER_6_2_6_0.NASL | | description | The version of IBM Tivoli Storage Manager installed on the remote host is 6.2.x prior to 6.2.6.0. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190).
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191).
- A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'.
(CVE-2013-0169). | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 77118 | | published | 2014-08-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77118 | | title | IBM Tivoli Storage Manager Server 6.2.x < 6.2.6.0 Multiple Vulnerabilities |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2013-095.NASL | | description | Updated java-1.7.0-openjdk packages fix security vulnerabilities :
Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422).
Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444).
Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges (CVE-2013-1478, CVE-2013-1480).
A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions (CVE-2013-0432).
The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted (CVE-2013-0435).
Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434).
It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack (CVE-2013-0424).
It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake (CVE-2013-0440).
It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack (CVE-2013-0443).
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486, CVE-2013-1484).
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485).
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-0169).
An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-0809).
It was discovered that the 2D component did not properly reject certain malformed images. Specially crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-1493). | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 66107 | | published | 2013-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66107 | | title | Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2013-0275.NASL | | description | Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1486, CVE-2013-1484)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-1485)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64731 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64731 | | title | CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0275) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_COMPAT-OPENSSL097G-141202.NASL | | description | The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues :
- Build option no-ssl3 is incomplete. (CVE-2014-3568)
- Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566)
- Information leak in pretty printing functions.
(CVE-2014-3508)
- OCSP bad key DoS attack. (CVE-2013-0166)
- SSL/TLS CBC plaintext recovery attack. (CVE-2013-0169)
- Anonymous ECDH denial of service. (CVE-2014-3470)
- SSL/TLS MITM vulnerability (CVE-2014-0224) | | last seen | 2019-02-21 | | modified | 2015-01-28 | | plugin id | 79738 | | published | 2014-12-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79738 | | title | SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201310-10.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201310-10 (PolarSSL: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker might be able to cause Denial of Service, conduct a man-in-the middle attack, compromise an encrypted communication channel, or obtain sensitive information.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 70486 | | published | 2013-10-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=70486 | | title | GLSA-201310-10 : PolarSSL: Multiple vulnerabilities |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_0_0_7.NASL | | description | IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities :
- A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088)
- The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack.
(CVE-2013-0169 / PM85211)
- A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else's credentials.
(CVE-2013-0597 / PM85834 / PM87131)
- A flaw exists relating to OpenJPA that is triggered during deserialization, which could allow a remote attacker to write to the file system and potentially execute arbitrary code. Note the vendor states this application is not directly affected by this flaw;
however, this application does include the affected version of OpenJPA. (CVE-2013-1768 / PM86780)
- An input validation flaw exists in the optional 'mod_rewrite' module in the included IBM HTTP Server that could allow arbitrary command execution via HTTP requests containing certain escape sequences.
(CVE-2013-1862 / PM87808)
- A flaw exists related to the optional 'mod_dav' module in the included IBM HTTP Server that could allow denial of service conditions.
(CVE-2013-1896 / PM89996)
- User-supplied input validation errors exist related to the administrative console that could allow cross-site scripting attacks.
(CVE-2013-2967 / PM78614, CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)
- An information disclosure vulnerability exists related to incorrect caching by the administrative console.
(CVE-2013-2976 / PM79992)
- A user-supplied input validation error exists that could allow cross-site request forgery (CSRF) attacks to be carried out. (CVE-2013-3029 / PM88746) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 69449 | | published | 2013-08-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69449 | | title | IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2013-153.NASL | | description | openssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166)
Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 74901 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74901 | | title | openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201401-30.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.
Impact :
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-01-03 | | plugin id | 72139 | | published | 2014-01-27 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72139 | | title | GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT) |
| NASL family | CGI abuses | | NASL id | IBM_TEM_8_2_1372.NASL | | description | The remote host is running a version of IBM Tivoli Endpoint Manager Server prior to 8.2.1372. It is, therefore, affected by multiple vulnerabilities :
- Multiple SSL related denial of service vulnerabilities exist. (CVE-2012-2686, CVE-2013-0166)
- An SSL side-channel timing analysis attack allows full or partial plaintext recovery by a third-party listener.
(CVE-2013-0169)
- A cross-site request forgery vulnerability exists in the Use Analysis Application that can be exploited via a specially crafted AMF message. (CVE-2013-0452)
- An unspecified cross-site scripting vulnerability exists in IBM Tivoli Endpoint Manager Web Reports.
(CVE-2013-0453) | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 66270 | | published | 2013-04-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66270 | | title | IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities |
| NASL family | General | | NASL id | IBM_TSM_SERVER_5_5_X.NASL | | description | The version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190).
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191).
- A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'.
(CVE-2013-0169). | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 77116 | | published | 2014-08-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77116 | | title | IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2014-0416.NASL | | description | Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.
The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues :
An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
(CVE-2014-0160)
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash.
(CVE-2013-4353)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.
The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers :
CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166
All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues. | | last seen | 2019-02-21 | | modified | 2018-07-26 | | plugin id | 79013 | | published | 2014-11-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79013 | | title | RHEL 6 : rhevm-spice-client (RHSA-2014:0416) |
| NASL family | Databases | | NASL id | ORACLE_RDBMS_CPU_OCT_2013.NASL | | description | The remote Oracle database server is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple security vulnerabilities in the following components :
- Core RDBMS
- Oracle Security service
- XML Parser | | last seen | 2019-02-21 | | modified | 2018-07-18 | | plugin id | 70460 | | published | 2013-10-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=70460 | | title | Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0636.NASL | | description | An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.
(CVE-2012-6075)
It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619)
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :
CVE-2013-0292 (dbus-glib issue)
CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)
CVE-2013-0338 (libxml2 issue)
This update contains the builds from the following errata :
ovirt-node: RHBA-2013:0634 https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel:
RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html dbus-glib: RHSA-2013:0568 https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup:
RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm:
RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html selinux-policy: RHBA-2013:0618 https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev:
RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html glusterfs: RHBA-2013:0620 https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls:
RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html ipmitool: RHBA-2013:0572 https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2:
RHSA-2013:0581 https://rhn.redhat.com/errata/RHSA-2013-0581.html openldap: RHBA-2013:0598 https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl:
RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. | | last seen | 2019-02-21 | | modified | 2018-11-26 | | plugin id | 78952 | | published | 2014-11-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78952 | | title | RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636) |
| NASL family | Misc. | | NASL id | ORACLE_JAVA_CPU_FEB_2013_1_UNIX.NASL | | description | The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components :
- Deployment
- JMX
- JSSE
- Libraries | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 64851 | | published | 2013-02-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64851 | | title | Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0275.NASL | | description | Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1486, CVE-2013-1484)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-1485)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64748 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64748 | | title | RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0275) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0532.NASL | | description | Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487)
All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-07-26 | | plugin id | 64775 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64775 | | title | RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0532) |
| NASL family | General | | NASL id | IBM_TSM_SERVER_6_1_X.NASL | | description | The version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190).
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191).
- A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'.
(CVE-2013-0169). | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 77117 | | published | 2014-08-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77117 | | title | IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities |
| NASL family | Misc. | | NASL id | VMWARE_ESXI_5_1_BUILD_1483097_REMOTE.NASL | | description | The remote VMware ESXi 5.1 host is affected by the following vulnerabilities :
- A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
- An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338)
- A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207)
- A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 72037 | | published | 2014-01-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=72037 | | title | ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check) |
| NASL family | Windows | | NASL id | ORACLE_JAVA_CPU_FEB_2013_1.NASL | | description | The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components :
- Deployment
- JMX
- JSSE
- Libraries | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 64790 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64790 | | title | Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) |
| NASL family | Databases | | NASL id | DB2_101FP3A.NASL | | description | According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities :
- The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker to recover plaintext from encrypted communications. (CVE-2013-0169)
- An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747)
- A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907)
- An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76110 | | published | 2014-06-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76110 | | title | IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2014-0007.NASL | | description | The remote OracleVM system is missing necessary patches to address critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv (#839735)
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS (#628976)
- add missing DH_check_pub_key call when DH key is computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails (#561260)
- point to openssl dgst for list of supported digests (#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 79531 | | published | 2014-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79531 | | title | OracleVM 2.2 : openssl (OVMSA-2014-0007) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-1735-1.NASL | | description | Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the 'Lucky Thirteen' issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
(CVE-2013-0169)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484)
A data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-1485)
Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 64801 | | published | 2013-02-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64801 | | title | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2016-294.NASL | | description | This update for libopenssl0_9_8 fixes the following issues :
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to :
- Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL protocol 2 by default previously.
- Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well.
- CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions.
If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable.
- The package was updated to 0.9.8zh :
- fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166
- avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787)
- fix CVE-2015-3197 (boo#963415)
- SSLv2 doesn't block disabled ciphers | | last seen | 2019-02-21 | | modified | 2016-12-07 | | plugin id | 89651 | | published | 2016-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=89651 | | title | openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DLA-1518.NASL | | description | Two vulnerabilities were discovered in polarssl, a lightweight crypto and SSL/TLS library (nowadays continued under the name mbedtls) which could result in plain text recovery via side-channel attacks.
Two other minor vulnerabilities were discovered in polarssl which could result in arithmetic overflow errors.
CVE-2018-0497
As a protection against the Lucky Thirteen attack, the TLS code for CBC decryption in encrypt-then-MAC mode performs extra MAC calculations to compensate for variations in message size due to padding. The amount of extra MAC calculation to perform was based on the assumption that the bulk of the time is spent in processing 64-byte blocks, which is correct for most supported hashes but not for SHA-384. Correct the amount of extra work for SHA-384 (and SHA-512 which is currently not used in TLS, and MD2 although no one should care about that).
This is a regression fix for what CVE-2013-0169 had been fixed this.
CVE-2018-0498
The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function gives information about that.
Information about this length (modulo the MD/SHA block size) can be deduced from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used. If MD/SHA padding is read from a (static) buffer, a local attacker could get information about how much is used via a cache attack targeting that buffer.
Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA one, which is always read fully by the process() function.
CVE-2018-9988
Prevent arithmetic overflow on bounds check and add bound check before signature length read in ssl_parse_server_key_exchange().
CVE-2018-9989
Prevent arithmetic overflow on bounds check and add bound check before length read in ssl_parse_server_psk_hint()
For Debian 8 'Jessie', these problems have been fixed in version 1.3.9-2.1+deb8u4.
We recommend that you upgrade your polarssl packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-09-27 | | plugin id | 117711 | | published | 2018-09-27 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=117711 | | title | Debian DLA-1518-1 : polarssl security update |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_JAVA-1_7_0-IBM-130415.NASL | | description | IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
More information can be found on :
http://www.ibm.com/developerworks/java/jdk/alerts/
and on :
http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.htm l#SR4FP1 | | last seen | 2019-02-21 | | modified | 2014-04-12 | | plugin id | 66031 | | published | 2013-04-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66031 | | title | SuSE 11.2 Security Update : java-1_7_0-ibm (SAT Patch Number 7623) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2013-0275.NASL | | description | From Red Hat Security Advisory 2013:0275 :
Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1486, CVE-2013-1484)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-1485)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-07-18 | | plugin id | 68736 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68736 | | title | Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0275) |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_5_5.NASL | | description | IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities :
- The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211)
- The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582)
- A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else's credentials.
(CVE-2013-0597, PM85834, PM87131)
- A flaw exists relating to OpenJPA that is triggered during deserialization, which could allow a remote attacker to write to the file system and potentially execute arbitrary code. (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)
- An unspecified cross-site scripting vulnerability exists related to the administrative console. (CVE-2013-2967, PM78614)
- An unspecified vulnerability exists. (CVE-2013-2975)
- An information disclosure vulnerability exists relating to incorrect caching by the administrative console.
(CVE-2013-2976, PM79992)
- An improper process initialization flaw exists on UNIX platforms that could allow a local attacker to execute arbitrary commands. (CVE-2013-3024, PM86245) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 69021 | | published | 2013-07-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69021 | | title | IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_JAVA-1_6_0-IBM-130416.NASL | | description | IBM Java 6 has been updated to SR13 FP1 which fixes bugs and security issues.
More information can be found on :
http://www.ibm.com/developerworks/java/jdk/alerts/
and on :
http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.htm l#SR13FP1
CVEs fixed: CVE-2013-0485 / CVE-2013-0809 / CVE-2013-1493 / CVE-2013-0169 | | last seen | 2019-02-21 | | modified | 2014-04-12 | | plugin id | 66194 | | published | 2013-04-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66194 | | title | SuSE 11.2 Security Update : IBM Java (SAT Patch Number 7627) |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_0_0_6.NASL | | description | IBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities :
- An input validation error exists that could allow cross-site request forgery (CSRF) attacks.
(CVE-2012-4853 / PM62920)
- The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443)
- Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846)
- An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems.
(CVE-2013-0459 / PM72536)
- An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937)
- An error exists related to 'WS-Security' and SOAP message handling that could allow an attacker to spoof message signatures. (CVE-2013-0482 / PM76582)
- A buffer overflow error exists related to 'WebSphere Identity Manger (WIM)' that could allow denial of service attacks. (CVE-2013-0541 / PM74909)
- An unspecified error could allow security bypass, thus allowing remote attackers access to restricted resources on HP, Linux and Solaris hosts.
(CVE-2013-0543 / PM75582)
- An unspecified error related to the administration console could allow directory traversal attacks on Unix and Linux hosts. (CVE-2013-0544 / PM82468) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 66374 | | published | 2013-05-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66374 | | title | IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-1455.NASL | | description | Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java. | | last seen | 2019-02-21 | | modified | 2018-11-26 | | plugin id | 78975 | | published | 2014-11-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78975 | | title | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201406-32.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 76303 | | published | 2014-06-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76303 | | title | GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) |
| NASL family | Misc. | | NASL id | VMWARE_ESXI_5_0_BUILD_1311177_REMOTE.NASL | | description | The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities :
- Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. (CVE-2013-0166, CVE-2013-0169)
- An error exists in the libxml2 library related to the expansion of XML internal entities. An attacker can exploit this to cause a denial of service. (CVE-2013-0338)
- An unspecified error exists related to 'hostd-vmdb'. An attacker can exploit this to cause a denial of service.
(CVE-2013-5970)
- An error exists in the handling of certain Virtual Machine file descriptors. This may allow an unprivileged user with the 'Add Existing Disk' privilege to obtain read and write access to arbitrary files, possibly leading to arbitrary code execution after a host reboot.
(CVE-2013-5973)
- A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. This issue may lead to a denial of service if an attacker intercepts and modifies the NFC traffic. (CVE-2014-1207)
- A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 70879 | | published | 2013-11-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=70879 | | title | ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0833.NASL | | description | The version of JBoss Enterprise Application Platform 6.0.1 running on the remote system is vulnerable to the following issues:
- A man-in-the-middle attack is possible when applications running on JBoss Web use the COOKIE session tracking method. The flaw is in the org.apache.catalina.connector.Response.encodeURL() method. By making use of this, an attacker could obtain a user's jsessionid and hijack their session.
(CVE-2012-4529)
- If multiple applications used the same custom authorization module class name, a local attacker could deploy a malicious application authorization module that would permit or deny user access. (CVE-2012-4572)
- XML encryption backwards compatibility attacks could allow an attacker to force a server to use insecure legacy cryptosystems. (CVE-2012-5575)
- A NULL pointer dereference flaw could allow a malicious OCSP to crash applications performing OCSP verification.
(CVE-2013-0166)
- An OpenSSL leaks timing information issue exists that could allow a remote attacker to retrieve plaintext from the encrypted packets. (CVE-2013-0169)
- The JBoss Enterprise Application Platform administrator password and the sucker password are stored in a world- readable, auto-install XML file created by the GUI installer. (CVE-2013-0218)
- Tomcat incorrectly handles certain authentication requests. A remote attacker could use this flaw to inject a request that would get executed with a victim's credentials. (CVE-2013-2067) | | last seen | 2019-02-21 | | modified | 2018-07-26 | | plugin id | 66971 | | published | 2013-06-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66971 | | title | JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833) |
| NASL family | Web Servers | | NASL id | WEBSPHERE_7_0_0_29.NASL | | description | IBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities :
- The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211)
- The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582)
- A denial of service vulnerability exists, caused by a buffer overflow on localOS registry when using WebSphere Identity Manager (WIM). (CVE-2013-0541, PM74909)
- An unspecified cross-site scripting vulnerability exists related to the administrative console. (CVE-2013-0542, CVE-2013-2967, PM78614, PM81846)
- A validation flaw exists relating to 'Local OS registries' that may allow a remote attacker to bypass security. (CVE-2013-0543, PM75582)
- A directory traversal vulnerability exists in the administrative console via the 'PARAMETER' parameter.
(CVE-2013-0544, PM82468)
- A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else's credentials.
(CVE-2013-0597, PM85834, PM87131)
- A flaw exists relating to OpenJPA that is triggered during deserialization that may allow a remote attacker to write to the file system and potentially execute arbitrary code. (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)
- An information disclosure issue exists relating to incorrect caching by the administrative console.
(CVE-2013-2976, PM79992)
- A user-supplied input validation error exists that could allow cross-site request (CSRF) attacks to be carried out. (CVE-2013-3029, PM88746) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 68982 | | published | 2013-07-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68982 | | title | IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_SECUPD2013-004.NASL | | description | The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component :
- Apache
- Bind
- Certificate Trust Policy
- ClamAV
- Installer
- IPSec
- Mobile Device Management
- OpenSSL
- PHP
- PostgreSQL
- QuickTime
- sudo
Note that successful exploitation of the most serious issues could result in arbitrary code execution. | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 69878 | | published | 2013-09-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69878 | | title | Mac OS X Multiple Vulnerabilities (Security Update 2013-004) |
| NASL family | Web Servers | | NASL id | WEBSPHERE_8_5_0_2.NASL | | description | IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities :
- The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443)
- Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846, CVE-2013-0565 / PM83402)
- An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems.
(CVE-2013-0459 / PM72536)
- An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937)
- An error exists related to 'WS-Security' and SOAP message handling that could allow an attacker to spoof message signatures. (CVE-2013-0482 / PM76582)
- An error exists related to authentication cookies that could allow remote attackers to gain access to restricted resources. Note this only affects the application when running the 'Liberty Profile'.
(CVE-2013-0540 / PM81056)
- A buffer overflow error exists related to 'WebSphere Identity Manger (WIM)' that could allow denial of service attacks. (CVE-2013-0541 / PM74909)
- An unspecified error could allow security bypass, thus allowing remote attackers access to restricted resources on HP, Linux and Solaris hosts.
(CVE-2013-0543 / PM75582)
- An unspecified error related to the administration console could allow directory traversal attacks on Unix and Linux hosts. (CVE-2013-0544 / PM82468) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 66375 | | published | 2013-05-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66375 | | title | IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities |
| NASL family | Web Servers | | NASL id | WEBSPHERE_6_1_0_47.NASL | | description | IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities :
- A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that use a LocalOS registry.
(CVE-2013-0543, PM75582)
- A denial of service can be caused by the way Apache Ant uses bzip2 to compress files. This can be exploited by a local attacker passing specially crafted input.
(CVE-2012-2098, PM90088)
- A local attacker can cause a denial of service on Windows platforms with a LocalOS registry using WebSphere Identity Manager. (CVE-2013-0541, PM74909)
- Remote attackers can traverse directories by deploying a specially crafted application file to overwrite files outside of the application deployment directory.
(CVE-2012-3305, PM62467)
- The TLS protocol implementation is susceptible to plaintext-recovery attacks via statistical analysis of timing data for crafted packets. (CVE-2013-0169, PM85211)
- Terminal escape sequences are not properly filtered from logs. Remote attackers could execute arbitrary commands via an HTTP request containing an escape sequence.
(CVE-2013-1862, PM87808)
- Improper validation of user input allows for cross-site request forgery. By persuading an authenticated user to visit a malicious website, a remote attacker could exploit this vulnerability to obtain sensitive information. (CVE-2012-4853, CVE-2013-3029, PM62920, PM88746)
- Improper validation of user input in the administrative console allows for multiple cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461, CVE-2013-0542, CVE-2013-0596, CVE-2013-2967, CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389, PM73445, PM78614, PM81846, PM88208, PM91892)
- Improper validation of portlets in the administrative console allows for cross-site request forgery, which could allow an attacker to obtain sensitive information.
(CVE-2013-0460, PM72275)
- Remote, authenticated attackers can traverse directories on Linux and UNIX systems running the application.
(CVE-2013-0544, PM82468)
- A denial of service attack is possible if the optional mod_dav module is being used. (CVE-2013-1896, PM89996)
- Sensitive information can be obtained by a local attacker because of incorrect caching by the administrative console. (CVE-2013-2976, PM79992)
- An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053, PM90949, PM91521)
- Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. WebSphere is NOT vulnerable to this issue but the vendor suggests upgrading to be proactive.
(CVE-2013-1768, PM86780, PM86786, PM86788, PM86791) | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 70022 | | published | 2013-09-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=70022 | | title | IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_00B0D8CD709711E298D9003067C2616F.NASL | | description | OpenSSL security team reports :
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack.
A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. | | last seen | 2019-02-21 | | modified | 2018-11-21 | | plugin id | 64488 | | published | 2013-02-07 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64488 | | title | FreeBSD : OpenSSL -- TLS 1.1, 1.2 denial of service (00b0d8cd-7097-11e2-98d9-003067c2616f) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2013-0587.NASL | | description | Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 65061 | | published | 2013-03-07 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65061 | | title | CentOS 5 / 6 : openssl (CESA-2013:0587) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_OPENSSL-8517.NASL | | description | OpenSSL has been updated to fix several security issues :
- Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929)
Please note that openssl on SUSE Linux Enterprise 10 is not built with compression support.
- Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169)
- A OCSP invalid key denial of service issue was fixed.
(CVE-2013-0166) | | last seen | 2019-02-21 | | modified | 2014-04-12 | | plugin id | 65719 | | published | 2013-03-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65719 | | title | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8517) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_LIBOPENSSL-DEVEL-130325.NASL | | description | OpenSSL has been updated to fix several security issues :
- Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929)
- Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169)
- A OCSP invalid key denial of service issue was fixed.
(CVE-2013-0166) | | last seen | 2019-02-21 | | modified | 2014-04-12 | | plugin id | 65718 | | published | 2013-03-28 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65718 | | title | SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_JAVA-1_6_0-IBM-8544.NASL | | description | IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
More information can be found on :
http://www.ibm.com/developerworks/java/jdk/alerts/
and on :
http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.htm l#SR13FP1
Security issues: - CVE-2013-0485- CVE-2013-0809
- CVE-2013-0169. (CVE-2013-1493) | | last seen | 2019-02-21 | | modified | 2014-04-12 | | plugin id | 66198 | | published | 2013-04-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66198 | | title | SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8544) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20130304_OPENSSL_ON_SL5_X.NASL | | description | It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially- crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Scientific Linux 5 and 6 was affected by this problem.
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2018-12-31 | | plugin id | 65022 | | published | 2013-03-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65022 | | title | Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 |
| NASL family | Windows | | NASL id | STUNNEL_4_55.NASL | | description | The version of stunnel installed on the remote host is a version after 4.21 and prior to 4.55. It is, therefore, affected by the following vulnerabilities :
- The bundled version of OpenSSL contains an error related to CBC-mode and timing that allows an attacker to recover plaintext from encrypted communications.
(CVE-2013-0169)
- A buffer overflow condition exists related to NTLM authentication. Note this issue does not affect 32-bit builds.(CVE-2013-1762) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 65690 | | published | 2013-03-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65690 | | title | stunnel 4.21 - 4.54 Multiple Vulnerabilities |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2013-0587.NASL | | description | From Red Hat Security Advisory 2013:0587 :
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2018-07-18 | | plugin id | 68768 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68768 | | title | Oracle Linux 5 / 6 : openssl (ELSA-2013-0587) |
| NASL family | OracleVM Local Security Checks | | NASL id | ORACLEVM_OVMSA-2014-0008.NASL | | description | The remote OracleVM system is missing necessary patches to address critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv (#839735)
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS (#628976)
- add missing DH_check_pub_key call when DH key is computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails (#561260)
- point to openssl dgst for list of supported digests (#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 79532 | | published | 2014-11-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=79532 | | title | OracleVM 3.2 : onpenssl (OVMSA-2014-0008) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-1732-3.NASL | | description | USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression.
This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. We apologize for the inconvenience.
Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686)
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the 'Lucky Thirteen' issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
(CVE-2013-0169).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 65684 | | published | 2013-03-26 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65684 | | title | Ubuntu 12.04 LTS / 12.10 : openssl vulnerability (USN-1732-3) |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_10_8_5.NASL | | description | The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components :
- Apache
- Bind
- Certificate Trust Policy
- CoreGraphics
- ImageIO
- Installer
- IPSec
- Kernel
- Mobile Device Management
- OpenSSL
- PHP
- PostgreSQL
- Power Management
- QuickTime
- Screen Lock
- sudo
This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit.
Note that successful exploitation of the most serious issues could result in arbitrary code execution. | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 69877 | | published | 2013-09-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69877 | | title | Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0587.NASL | | description | Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 65004 | | published | 2013-03-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65004 | | title | RHEL 5 / 6 : openssl (RHSA-2013:0587) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2013-171.NASL | | description | It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)
A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166)
It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)
Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 69730 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69730 | | title | Amazon Linux AMI : openssl (ALAS-2013-171) |
| NASL family | Web Servers | | NASL id | OPENSSL_1_0_1D.NASL | | description | According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1d. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to AES-NI, TLS 1.1, TLS 1.2 and the handling of CBC ciphersuites that could allow denial of service attacks. Note that platforms and versions that do not support AES-NI, TLS 1.1, or TLS 1.2 are not affected. (CVE-2012-2686)
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks.
(CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-07-16 | | plugin id | 64534 | | published | 2013-02-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64534 | | title | OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0823.NASL | | description | Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13-FP2 release. All running instances of IBM Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-12-20 | | plugin id | 66440 | | published | 2013-05-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66440 | | title | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0823) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0822.NASL | | description | Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440)
All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4-FP2 release. All running instances of IBM Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-12-20 | | plugin id | 66439 | | published | 2013-05-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66439 | | title | RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0822) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2013-0274.NASL | | description | Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64896 | | published | 2013-02-27 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64896 | | title | CentOS 5 : java-1.6.0-openjdk (CESA-2013:0274) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0273.NASL | | description | Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website.
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64746 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64746 | | title | RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0273) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2013-163.NASL | | description | An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 69722 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69722 | | title | Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2013-154.NASL | | description | openssl was updated to 1.0.1e, fixing bugs and security issues :
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 bnc#802746 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 bnc#802184 o Fix for TLS AESNI record handling flaw CVE-2012-2686
Also the following buyg was fixed: bnc#757773 - c_rehash to accept more filename extensions | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 74902 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74902 | | title | openSUSE Security Update : openssl (openSUSE-SU-2013:0337-1) |
| NASL family | AIX Local Security Checks | | NASL id | AIX_OPENSSL_ADVISORY5.NASL | | description | The version of OpenSSL running on the remote host is affected by the following vulnerabilities :
- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the 'Lucky Thirteen' issue. (CVE-2013-0169)
- OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
(CVE-2013-0166) | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 73563 | | published | 2014-04-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=73563 | | title | AIX OpenSSL Advisory : openssl_advisory5.asc |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2013-014.NASL | | description | Multiple security issues were identified and fixed in OpenJDK (icedtea6) :
- S8006446: Restrict MBeanServer access
- S8006777: Improve TLS handling of invalid messages
- S8007688: Blacklist known bad certificate
- S7123519: problems with certification path
- S8007393: Possible race condition after JDK-6664509
- S8007611: logging behavior in applet changed
The updated packages provides icedtea6-1.11.8 which is not vulnerable to these issues. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 64861 | | published | 2013-02-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64861 | | title | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:014) |
| NASL family | Web Servers | | NASL id | OPENSSL_1_0_1E.NASL | | description | According to its banner, the remote web server is running a version of OpenSSL 1.0.1 prior to 1.0.1e. The OpenSSL library is, therefore, reportedly affected by an incomplete fix for CVE-2013-0169.
An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 64620 | | published | 2013-02-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64620 | | title | OpenSSL 1.0.1 < 1.0.1e Information Disclosure |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-1732-2.NASL | | description | USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. We apologize for the inconvenience.
Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686)
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the 'Lucky Thirteen' issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
(CVE-2013-0169).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 64968 | | published | 2013-03-01 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64968 | | title | Ubuntu 12.04 LTS / 12.10 : openssl regression (USN-1732-2) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201312-03.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Impact :
Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 71169 | | published | 2013-12-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=71169 | | title | GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-1456.NASL | | description | Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java. | | last seen | 2019-02-21 | | modified | 2018-11-26 | | plugin id | 78976 | | published | 2014-11-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78976 | | title | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT) |
| NASL family | Windows | | NASL id | TIVOLI_DIRECTORY_SVR_SWG21638270.NASL | | description | The remote host is running a version of IBM Tivoli Directory Server and a version of IBM Global Security Kit (GSKit) that is affected by an information disclosure vulnerability. The Transport Layer Security (TLS) protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets. This type of exploitation is known as the 'Lucky Thirteen' attack. | | last seen | 2019-02-21 | | modified | 2018-08-01 | | plugin id | 80481 | | published | 2015-01-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80481 | | title | IBM Tivoli Directory Server < 6.0.0.72 / 6.1.0.55 / 6.2.0.30 / 6.3.0.22 with GSKit < 7.0.4.45 / 8.0.14.27 TLS Side-Channel Timing Information Disclosure |
| NASL family | F5 Networks Local Security Checks | | NASL id | F5_BIGIP_SOL93600123.NASL | | description | The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. (CVE-2016-2107) | | last seen | 2019-02-21 | | modified | 2019-01-04 | | plugin id | 94986 | | published | 2016-11-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=94986 | | title | F5 Networks BIG-IP : OpenSSL vulnerability (K93600123) |
| NASL family | F5 Networks Local Security Checks | | NASL id | F5_BIGIP_SOL14190.NASL | | description | A vulnerability exists in the TLS and DTLS protocols that may allow an attacker to recover plaintext from TLS/DTLS connections that use CBC-mode encryption. (CVE-2013-0169)
Note: Stream ciphers, such as RC4, are not vulnerable to this issue. | | last seen | 2019-02-21 | | modified | 2019-01-04 | | plugin id | 78142 | | published | 2014-10-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78142 | | title | F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2013-0274.NASL | | description | From Red Hat Security Advisory 2013:0274 :
Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-07-18 | | plugin id | 68735 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68735 | | title | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0274) |
| NASL family | CGI abuses | | NASL id | SPLUNK_503.NASL | | description | According to its version number, the Splunk Web hosted on the remote web server is affected by multiple vulnerabilities :
- The application is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2012-6447)
- The version of OpenSSL included with Splunk 5.x is affected by multiple vulnerabilities including a denial of service and a plaintext recovery attack.
(CVE-2013-0166, CVE-2013-0169)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 66835 | | published | 2013-06-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66835 | | title | Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities |
| NASL family | VMware ESX Local Security Checks | | NASL id | VMWARE_VMSA-2013-0009.NASL | | description | a. vCenter Server and ESX userworld update for OpenSSL library
The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues.
b. Service Console (COS) update for OpenSSL library
The Service Console updates for OpenSSL library is updated to version openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166 to these issues.
c. ESX Userworld and Service Console (COS) update for libxml2 library
The ESX Userworld and Service Console libxml2 library is updated to version libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1. to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-0338 to this issue.
d. Service Console (COS) update for GnuTLS library
The ESX service console GnuTLS RPM is updated to version gnutls-1.4.1-10.el5_9.1 to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-2116 to this issue.
e. ESX third-party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-348.3.1.el5 which addresses several security issues in the COS kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0268 and CVE-2013-0871 to these issues. | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 69193 | | published | 2013-08-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69193 | | title | VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries |
| NASL family | Misc. | | NASL id | IPSWITCH_IMAIL_12_3.NASL | | description | The remote host appears to be running Ipswitch IMail Server 11.x or 12.x older than version 12.3 and is, therefore, affected by an information disclosure vulnerability due to the included OpenSSL version.
An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 76489 | | published | 2014-07-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76489 | | title | Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS11_OPENSSL_20130716.NASL | | description | The remote Solaris system is missing necessary patches to address security updates :
- OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
(CVE-2013-0166)
- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the 'Lucky Thirteen' issue. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 80719 | | published | 2015-01-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80719 | | title | Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2013-0273.NASL | | description | Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website.
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64730 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64730 | | title | CentOS 6 : java-1.6.0-openjdk (CESA-2013:0273) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0274.NASL | | description | Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64747 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64747 | | title | RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0274) |
| NASL family | Misc. | | NASL id | VMWARE_ESX_VMSA-2013-0009_REMOTE.NASL | | description | The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :
- GnuTLS
- Kernel
- OpenSSL | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 89666 | | published | 2016-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=89666 | | title | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check) |
| NASL family | General | | NASL id | IBM_GSKIT_SWG21638270.NASL | | description | The version of IBM Global Security Kit (GSKit) installed on the remote host is 7.0.x prior to 7.0.4.45 or 8.0.14.x prior to 8.0.14.27.
It is, therefore, affected by an information disclosure vulnerability.
The Transport Layer Security (TLS) protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets. This type of exploitation is known as the 'Lucky Thirteen' attack. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 67231 | | published | 2013-07-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=67231 | | title | IBM GSKit 7.x < 7.0.4.45 / 8.0.14.x < 8.0.14.27 TLS Side-Channel Timing Information Disclosure |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2013-164.NASL | | description | java-1_6_0-openjdk was updated to IcedTea 1.12.3 (bnc#804654) containing security and bugfixes :
- Security fixes
- S8006446: Restrict MBeanServer access (CVE-2013-1486)
- S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169)
- S8007688: Blacklist known bad certificate (issued by DigiCert)
- Backports
- S8007393: Possible race condition after JDK-6664509
- S8007611: logging behavior in applet changed
- Bug fixes
- PR1319: Support GIF lib v5. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 74906 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74906 | | title | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0375-1) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_JAVA-1_6_0-OPENJDK-130221.NASL | | description | java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes :
- Security fixes
- S8006446: Restrict MBeanServer access. (CVE-2013-1486)
- S8006777: Improve TLS handling of invalid messages Lucky 13. (CVE-2013-0169)
- S8007688: Blacklist known bad certificate (issued by DigiCert)
- Backports
- S8007393: Possible race condition after JDK-6664509
- S8007611: logging behavior in applet changed
- Bug fixes
- PR1319: Support GIF lib v5. | | last seen | 2019-02-21 | | modified | 2014-04-12 | | plugin id | 64863 | | published | 2013-02-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64863 | | title | SuSE 11.2 Security Update : Java (SAT Patch Number 7385) |
| NASL family | Web Servers | | NASL id | OPENSSL_1_0_0K.NASL | | description | According to its banner, the remote web server is running a version of OpenSSL 1.0.0 prior to 1.0.0k. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks.
(CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-07-16 | | plugin id | 64533 | | published | 2013-02-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64533 | | title | OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-2621.NASL | | description | Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues :
- CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key.
- CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the 'Lucky Thirteen' issue. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64623 | | published | 2013-02-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64623 | | title | Debian DSA-2621-1 : openssl - several vulnerabilities |
| NASL family | Junos Local Security Checks | | NASL id | JUNIPER_JSA10575.NASL | | description | According to its self-reported version number, the remote Junos device is using an outdated version of OpenSSL, which has multiple vulnerabilities including (but not limited to) :
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks.
(CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 68908 | | published | 2013-07-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68908 | | title | Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575) |
| NASL family | Misc. | | NASL id | JUNOS_PULSE_JSA10591.NASL | | description | According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities :
- Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memory corruption. (CVE-2012-2131)
- A weakness in the OpenSSL library leaves it vulnerable to an attack that could allow a third party to recover (fully or partially) the plaintext from encrypted traffic. (CVE-2013-0169)
- A flaw in OCSP signature verification in the OpenSSL library allows remote OCSP servers to cause a denial of service condition with an invalid key. (CVE-2013-0166) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 69987 | | published | 2013-09-19 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69987 | | title | Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities |
| NASL family | General | | NASL id | IBM_TSM_SERVER_6_3_4_200.NASL | | description | The version of IBM Tivoli Storage Manager installed on the remote host is 6.3.x prior to 6.3.4.200. It is, therefore, affected by a vulnerability that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 77120 | | published | 2014-08-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77120 | | title | IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure |
| NASL family | Misc. | | NASL id | JUNIPER_NSM_JSA10642.NASL | | description | The remote host has one or more instances of NSM (Network and Security Manager) Server running, with version(s) prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities related to its Java and Apache installations. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 77326 | | published | 2014-08-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=77326 | | title | Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642) |
| NASL family | Slackware Local Security Checks | | NASL id | SLACKWARE_SSA_2013-040-01.NASL | | description | New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. | | last seen | 2019-02-21 | | modified | 2015-01-14 | | plugin id | 64535 | | published | 2013-02-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64535 | | title | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : openssl (SSA:2013-040-01) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-2834.NASL | | description | Multiple security and bug fixes update from upstream.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-05 | | plugin id | 64982 | | published | 2013-03-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64982 | | title | Fedora 18 : openssl-1.0.1e-3.fc18 (2013-2834) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2013-0273.NASL | | description | From Red Hat Security Advisory 2013:0273 :
Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website.
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-07-18 | | plugin id | 68734 | | published | 2013-07-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=68734 | | title | Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0273) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0855.NASL | | description | Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP2 release. All running instances of IBM Java must be restarted for this update to take effect. | | last seen | 2019-02-21 | | modified | 2018-12-20 | | plugin id | 66550 | | published | 2013-05-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66550 | | title | RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0855) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2013-052.NASL | | description | Multiple vulnerabilities has been found and corrected in openssl :
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key (CVE-2013-0166).
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue (CVE-2013-0169).
The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues. | | last seen | 2019-02-21 | | modified | 2018-07-19 | | plugin id | 66066 | | published | 2013-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66066 | | title | Mandriva Linux Security Advisory : openssl (MDVSA-2013:052) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-4403.NASL | | description | Update to 1.0.1e
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2015-10-19 | | plugin id | 65776 | | published | 2013-04-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65776 | | title | Fedora 18 : mingw-openssl-1.0.1e-1.fc18 (2013-4403) |
| NASL family | Web Servers | | NASL id | OPENSSL_0_9_8Y.NASL | | description | According to its banner, the remote web server is running a version of OpenSSL prior to 0.9.8y. The OpenSSL library is, therefore, reportedly affected by the following vulnerabilities :
- An error exists related to the handling of OCSP response verification that could allow denial of service attacks.
(CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-07-16 | | plugin id | 64532 | | published | 2013-02-09 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64532 | | title | OpenSSL < 0.9.8y Multiple Vulnerabilities |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-1732-1.NASL | | description | Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686)
Stephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2013-0166)
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the 'Lucky Thirteen' issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
(CVE-2013-0169).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 64798 | | published | 2013-02-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64798 | | title | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openssl vulnerabilities (USN-1732-1) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2013-0531.NASL | | description | Updated java-1.6.0-sun packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2013-0169, CVE-2013-1486, CVE-2013-1487)
All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect. | | last seen | 2019-02-21 | | modified | 2018-07-26 | | plugin id | 64774 | | published | 2013-02-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64774 | | title | RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0531) |
| NASL family | F5 Networks Local Security Checks | | NASL id | F5_BIGIP_SOL15637.NASL | | description | The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. | | last seen | 2019-02-21 | | modified | 2014-10-10 | | plugin id | 78199 | | published | 2014-10-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78199 | | title | F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-2622.NASL | | description | Multiple vulnerabilities have been found in PolarSSL. The Common Vulnerabilities and Exposures project identifies the following issues :
- CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the 'Lucky Thirteen' issue.
- CVE-2013-1621 An array index error might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session.
- CVE-2013-1622 Malformed CBC data in a TLS session could allow remote attackers to conduct distinguishing attacks via statistical analysis of timing side-channel data for crafted packets. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 64624 | | published | 2013-02-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=64624 | | title | Debian DSA-2622-1 : polarssl - several vulnerabilities |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2013-162.NASL | | description | Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1486 , CVE-2013-1484)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-1485)
It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 69721 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69721 | | title | Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162) |
| NASL family | F5 Networks Local Security Checks | | NASL id | F5_BIGIP_SOL15630.NASL | | description | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) | | last seen | 2019-02-21 | | modified | 2019-01-04 | | plugin id | 78198 | | published | 2014-10-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=78198 | | title | F5 Networks BIG-IP : TLS in Mozilla NSS vulnerability (K15630) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_69BFC8529BD011E2A7BE8C705AF55518.NASL | | description | A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack.
OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack. | | last seen | 2019-02-21 | | modified | 2018-11-21 | | plugin id | 65842 | | published | 2013-04-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65842 | | title | FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (69bfc852-9bd0-11e2-a7be-8c705af55518) |
| NASL family | Junos Local Security Checks | | NASL id | JUNIPER_SPACE_JSA10659.NASL | | description | According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components :
- Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224)
- Multiple vulnerabilities in Oracle MySQL.
(CVE-2013-5908)
- Multiple vulnerabilities in the Oracle Java runtime.
(CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264) | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 80197 | | published | 2014-12-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=80197 | | title | Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-2793.NASL | | description | Multiple security and bug fixes update from upstream.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-05 | | plugin id | 65081 | | published | 2013-03-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=65081 | | title | Fedora 17 : openssl-1.0.0k-1.fc17 (2013-2793) |
|
