ID CVE-2019-1547
Summary Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:pre3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:pre4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:pre5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0:pre6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.0k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*
Base: 1.9 (as of 21-07-2021 - 11:39)
  • Harvesting Information via API Event Monitoring
    An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via MITM proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
  • Signature Spoofing by Mixing Signed and Unsigned Content
    An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
  • Sniff Application Code
    An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.
  • Sniffing Network Traffic
    In this attack pattern, the adversary monitors network traffic between nodes of a public or multicast network in an attempt to capture sensitive information at the protocol level. Network sniffing applications can reveal TCP/IP, DNS, Ethernet, and other low-level network communication information. The adversary takes a passive role in this attack pattern and simply observes and analyzes the traffic. The adversary may precipitate or indirectly influence the content of the observed transaction, but is never the intended recipient of the target information.
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
  • Navigation Remapping To Propagate Malicious Content
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers' intent. When the goal is to spread malware, deceptive content is created such as modified links, buttons, or images, that entice users to click on those items, all of which point to a malicious URI. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the destination of various application interface elements.
  • Sniffing Attacks
    In this attack pattern, the adversary intercepts information transmitted between two third parties. The adversary must be able to observe, read, and/or hear the communication traffic, but not necessarily block the communication or change its content. Any transmission medium can theoretically be sniffed if the adversary can examine the contents between the sender and recipient. Sniffing Attacks are similar to Man-In-The-Middle attacks (CAPEC-94), but are entirely passive. MITM attacks are predominantly active and often alter the content of the communications themselves.
  • Lifting Sensitive Data Embedded in Cache
    An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.
  • Transaction or Event Tampering via Application API Manipulation
    An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.
  • Application API Message Manipulation via Man-in-the-Middle
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system. Despite the use of MITM software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Man-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.
  • Application API Navigation Remapping
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
  • Application API Button Hijacking
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination.
  • Cellular Traffic Intercept
    Cellular traffic for voice and data from mobile devices and retransmission devices can be intercepted via numerous methods. Malicious actors can deploy their own cellular tower equipment and intercept cellular traffic surreptitiously. Additionally, government agencies of adversaries and malicious actors can intercept cellular traffic via the telecommunications backbone over which mobile traffic is transmitted.
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:N/A:N
redhat via4
  • jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6
  • jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el6
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-86.jbcs.el7
  • jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el6
  • jbcs-httpd24-apr-devel-0:1.6.3-86.jbcs.el7
  • jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6
  • jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el6
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-21.jbcs.el7
  • jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el6
  • jbcs-httpd24-brotli-devel-0:1.0.6-21.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-41.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.11.3-22.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-52.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-52.jbcs.el7
  • jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.1.1c-16.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.1.1c-16.jbcs.el7
  • openssl-1:1.1.1c-15.el8
  • openssl-debuginfo-1:1.1.1c-15.el8
  • openssl-debugsource-1:1.1.1c-15.el8
  • openssl-devel-1:1.1.1c-15.el8
  • openssl-libs-1:1.1.1c-15.el8
  • openssl-libs-debuginfo-1:1.1.1c-15.el8
  • openssl-perl-1:1.1.1c-15.el8
refmap via4
  • 20190912 [slackware-security] openssl (SSA:2019-254-03)
  • 20191001 [SECURITY] [DSA 4539-1] openssl security update
  • 20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update
  • DSA-4539
  • DSA-4540
  • FEDORA-2019-d15aac6c4e
  • FEDORA-2019-d51641f152
gentoo GLSA-201911-04
mlist [debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update
  • openSUSE-SU-2019:2158
  • openSUSE-SU-2019:2189
  • openSUSE-SU-2019:2268
  • openSUSE-SU-2019:2269
  • USN-4376-1
  • USN-4376-2
  • USN-4504-1
Last major update 21-07-2021 - 11:39
Published 10-09-2019 - 17:15
Last modified 21-07-2021 - 11:39
Back to Top