The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Java System Web Server

computer vulnerability alert CVE-2015-2808

TLS: RC4 decryption via Bar Mitzvah

Synthesis of the vulnerability

An attacker can use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, SnapManager, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/03/2015.
Identifiers: 1450666, 1610582, 1647054, 1882708, 1883551, 1883553, 1902260, 1903541, 1960659, 1963275, 1967498, 523628, 7014463, 7022958, 7045736, 9010041, 9010044, Bar Mitzvah, BSA-2015-007, c04708650, c04767175, c04770140, c04772305, c04773119, c04773241, c04777195, c04777255, c04832246, c04926789, c05085988, c05336888, cpujan2018, cpuoct2017, CVE-2015-2808, DSA-2018-124, HPSBGN03350, HPSBGN03393, HPSBGN03399, HPSBGN03407, HPSBGN03414, HPSBGN03415, HPSBGN03580, HPSBHF03673, HPSBMU03345, HPSBMU03401, HPSBUX03435, HPSBUX03512, NTAP-20150715-0001, NTAP-20151028-0001, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SOL16864, SSRT102254, SSRT102977, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, VIGILANCE-VUL-16486, VN-2015-004.

Description of the vulnerability

During the initialization of a TLS session, the client and the server negotiate cryptographic algorithms. The RC4 algorithm can be chosen to encrypt data.

For some weak keys (one over 2^24), the Invariance Weakness can be used to predict the two LSB (Least Significant Bit) of the 100 first bytes encrypted with RC4. The first TLS message is "Finished" (36 bytes), thus an attacker can predict LSBs of 64 bytes.

An attacker can therefore use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2013-1620 CVE-2013-1739 CVE-2013-1740

Oracle Fusion: several vulnerabilities of July 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in July 2014.
Impacted products: Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, WebLogic, Oracle Web Tier.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 26.
Creation date: 16/07/2014.
Identifiers: CERTFR-2014-AVI-313, cpujul2014, CVE-2013-1620, CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5855, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-2479, CVE-2014-2480, CVE-2014-2481, CVE-2014-2493, CVE-2014-4201, CVE-2014-4202, CVE-2014-4210, CVE-2014-4211, CVE-2014-4212, CVE-2014-4217, CVE-2014-4222, CVE-2014-4241, CVE-2014-4242, CVE-2014-4249, CVE-2014-4251, CVE-2014-4253, CVE-2014-4254, CVE-2014-4255, CVE-2014-4256, CVE-2014-4257, CVE-2014-4267, VIGILANCE-VUL-15052.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

Several vulnerabilities impact NSS (VIGILANCE-VUL-13598, VIGILANCE-VUL-13789, VIGILANCE-VUL-14099, VIGILANCE-VUL-14456) in Oracle GlassFish Server, Oracle iPlanet Web Proxy Server and Oracle iPlanet Web Server. [severity:3/4; CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:3/4; CVE-2014-4257]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2481]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2480]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4255]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4254]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2479]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4267]

An attacker can use a vulnerability of Oracle JDeveloper, in order to obtain information, or to trigger a denial of service. [severity:3/4; CVE-2014-2493]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2014-4256]

An attacker can use a vulnerability of BI Publisher, in order to obtain information. [severity:2/4; CVE-2014-4249]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2014-4211]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4201]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4202]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information. [severity:2/4; CVE-2014-4210]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4253]

An attacker can use a vulnerability of GlassFish Communications Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Fusion Middleware, in order to obtain information. [severity:2/4; CVE-2014-4212]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle JDeveloper, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4242]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4217]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4241]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2014-4251]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2014-4222]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Impacted products: Struts, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, IRAD, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Puppet, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpujan2019, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2007-0009 CVE-2007-1858 CVE-2012-3499

Oracle Fusion: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in January 2014.
Impacted products: Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle Portal, Oracle Web Tier, Sun AS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/01/2014.
Identifiers: BID-64815, BID-64819, BID-64822, BID-64827, BID-64829, BID-64830, BID-64835, BID-64838, BID-64842, CERTA-2014-AVI-022, cpujan2014, CVE-2007-0009, CVE-2007-1858, CVE-2012-3499, CVE-2012-3544, CVE-2012-4605, CVE-2013-1620, CVE-2013-1654, CVE-2013-1862, CVE-2013-4316, CVE-2013-5785, CVE-2013-5808, CVE-2013-5869, CVE-2013-5900, CVE-2013-5901, CVE-2014-0374, CVE-2014-0383, CVE-2014-0391, CVE-2014-0400, VIGILANCE-VUL-14089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-4316]

An attacker can use a vulnerability of Oracle Reports Developer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64819, CVE-2013-5785]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2007-0009]

An attacker can use a vulnerability of Oracle Internet Directory, in order to obtain information. [severity:3/4; BID-64822, CVE-2014-0400]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2013-1862]

An attacker can use a vulnerability of Oracle Enterprise Data Quality, in order to trigger a denial of service. [severity:2/4; CVE-2012-3544]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2013-1654]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:2/4; CVE-2012-4605]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64829, CVE-2014-0391]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:2/4; BID-64835, CVE-2013-5869]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2012-3499]

An attacker can use a vulnerability of Oracle Identity Manager, in order to alter information. [severity:2/4; BID-64838, CVE-2013-5900]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64815, CVE-2013-5901]

An attacker can use a vulnerability of Oracle Portal, in order to alter information. [severity:2/4; BID-64830, CVE-2014-0374]

An attacker can use a vulnerability of Oracle Traffic Director, Oracle iPlanet Web Server and Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64842, CVE-2014-0383]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2007-1858]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:1/4; BID-64827, CVE-2013-5808]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2013-1741 CVE-2013-2566 CVE-2013-5605

NSS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NSS.
Impacted products: Debian, Fedora, Junos Space, Firefox, NSS, SeaMonkey, Thunderbird, openSUSE, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data flow, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/11/2013.
Revision date: 19/11/2013.
Identifiers: BID-58796, BID-63736, BID-63737, BID-63738, CERTA-2013-AVI-642, CERTFR-2014-AVI-318, CERTFR-2017-AVI-012, cpuapr2017, cpujul2014, cpuoct2016, cpuoct2017, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, DSA-2800-1, DSA-2994-1, DSA-3071-1, FEDORA-2013-22456, FEDORA-2013-22467, FEDORA-2013-23301, FEDORA-2013-23479, JSA10770, MFSA 2013-103, openSUSE-SU-2013:1730-1, openSUSE-SU-2013:1732-1, RHSA-2013:1791-01, RHSA-2013:1829-01, RHSA-2013:1840-01, RHSA-2013:1841-01, RHSA-2014:0041-01, SSA:2013-339-01, SSA:2013-339-02, SSA:2013-339-03, SUSE-SU-2013:1807-1, VIGILANCE-VUL-13789.

Description of the vulnerability

Several vulnerabilities were announced in NSS.

On a 64 bit computer, an attacker can generate the initialization of a large memory area, in order to trigger a denial of service. [severity:1/4; BID-63736, CVE-2013-1741]

An attacker can generate a buffer overflow in Null Cipher, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63738, CVE-2013-5605]

When verifyLog is used, the return code of CERT_VerifyCert() is incorrect, so an invalid certificate may be accepted. [severity:2/4; BID-63737, CVE-2013-5606]

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message (VIGILANCE-VUL-12530). [severity:1/4; BID-58796, CVE-2013-2566]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2013-2566

SSL/TLS: obtaining messages encrypted by RC4

Synthesis of the vulnerability

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, BIG-IP Hardware, TMOS, HP Switch, Opera, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 15/03/2013.
Identifiers: 523628, BID-58796, BSA-2015-007, c05336888, cpuapr2017, cpujan2018, cpuoct2016, cpuoct2017, CVE-2013-2566, DSA-2018-124, HPSBHF03673, SOL14638, VIGILANCE-VUL-12530.

Description of the vulnerability

A SSL/TLS session can negotiate different encryption algorithms.

The RC4 algorithm uses a continuous stream of bytes generated from the key. This stream if then combined (XOR) with the clear text message.

However, the generated stream is biased. A statistical analysis of million of encrypted messages shows this bias.

When an attacker has 2^30 (minimum 2^24) RC4 encrypted messages with different keys, he can therefore guess the clear text message. This vulnerability is hard to exploit because of the quantity of messages required to perform the attack.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2012-1738

Oracle iPlanet Web Server: denial of service

Synthesis of the vulnerability

An attacker can create a denial of service on Oracle iPlanet Web Server.
Impacted products: Oracle iPlanet Web Server, Oracle Web Tier.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 18/07/2012.
Identifiers: BID-54515, CERTA-2012-AVI-393, cpujul2012, CVE-2012-1738, VIGILANCE-VUL-11779.

Description of the vulnerability

An attacker can create a denial of service on Oracle iPlanet Web Server.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2012-0516

Oracle iPlanet Web Server: vulnerability of Administration Console

Synthesis of the vulnerability

An attacker can use a vulnerability of the web administration console of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to create a denial of service.
Impacted products: Oracle iPlanet Web Server, Oracle Web Tier.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Creation date: 18/04/2012.
Identifiers: BID-53133, CERTA-2012-AVI-220, cpuapr2012, CVE-2012-0516, VIGILANCE-VUL-11551.

Description of the vulnerability

An attacker can use a vulnerability of the web administration console of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-3414 CVE-2011-4461 CVE-2011-4462

Multiple: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: CheckPoint Endpoint Security, CheckPoint Security Gateway, Debian, Fedora, WebSphere AS Traditional, IIS, .NET Framework, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, Snap Creator Framework, openSUSE, Oracle AS, Oracle Communications, Oracle DB, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, RHEL.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 28/12/2011.
Revision date: 22/02/2012.
Identifiers: 1506603, 2638420, 2659883, BID-51186, BID-51194, BID-51195, BID-51196, BID-51197, BID-51199, BID-51235, BID-51441, CERTA-2011-AVI-727, CERTA-2011-AVI-728, cpujul2018, CVE-2011-3414, CVE-2011-4461, CVE-2011-4462, CVE-2011-4885, CVE-2011-5034, CVE-2011-5035, CVE-2011-5036, CVE-2011-5037, CVE-2012-0039, CVE-2012-0193, CVE-2012-0839, DSA-2783-1, DSA-2783-2, FEDORA-2012-0730, FEDORA-2012-0752, MS11-100, n.runs-SA-2011.004, NTAP-20190307-0004, oCERT-2011-003, openSUSE-SU-2012:0262-1, PM53930, RHSA-2012:1604-01, RHSA-2012:1605-01, RHSA-2012:1606-01, RHSA-2013:1455-01, RHSA-2013:1456-01, sk66350, VIGILANCE-VUL-11254, VU#903934.

Description of the vulnerability

A hash table stores information, as keys pointing to values. Each key is converted to an integer, which is the index of the area where to store data. For example:
 - keyA is converted to 34
 - keyB is converted to 13
Data are then stored at offsets 34 and 13.

In most cases, these keys generate integers which are uniformly located in the storage area (which runs for example between 0 and 99). However, if an attacker computes his keys in such a way that they are converted to the same integer (for example 34), all data are stored at the same location (at the index 34). The access time to these data is thus very large.

A posted HTTP form is used to send a lot of variables. For example: var1=a, var2=b, etc. Web servers store these variables in a hash table. However, if the attacker computes his keys (variable names) in such a way that they are all stored at the same place, he can overload the server.

Other features, such as a JSON parser or additional services, can also be used as an attack vector.

The following products are also impacted:
 - Apache APR (VIGILANCE-VUL-11380)
 - Apache Xerces-C++ (VIGILANCE-VUL-15082)
 - Apache Xerces Java (VIGILANCE-VUL-15083)
 - expat (VIGILANCE-VUL-11420)
 - Java Lightweight HTTP Server (VIGILANCE-VUL-11381)
 - Java Language (VIGILANCE-VUL-11715)
 - libxml2 (VIGILANCE-VUL-11384)
 - PHP (VIGILANCE-VUL-11379)
 - Python (VIGILANCE-VUL-11416)
 - Ruby (VIGILANCE-VUL-11382)
 - Tomcat (VIGILANCE-VUL-11383)

An attacker can therefore send data generating storage collisions, in order to overload a service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-3389 CVE-2012-1870

SSL, TLS: obtaining HTTPS Cookies, BEAST

Synthesis of the vulnerability

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers, such as cookies.
Impacted products: Asterisk Open Source, IPSO, SecurePlatform, CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Domino, Mandriva Linux, IIS, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, Java OpenJDK, openSUSE, Opera, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Java Oracle, Oracle Web Tier, SSL protocol, RHEL, Sun AS, SUSE Linux Enterprise Desktop, SLES, Nessus.
Severity: 1/4.
Consequences: data reading.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/09/2011.
Identifiers: 2588513, 2643584, 2655992, AST-2016-001, BID-49778, BID-54304, c03122753, CERTA-2012-AVI-381, CERTFR-2016-AVI-046, CVE-2004-2770-REJECT, CVE-2011-3389, CVE-2012-1870, DSA-2368-1, DSA-2398-1, DSA-2398-2, FEDORA-2012-5916, FEDORA-2012-5924, FEDORA-2012-9135, FEDORA-2014-13764, FEDORA-2014-13777, HPSBUX02730, javacpuoct2011, MDVSA-2012:058, MDVSA-2012:096, MDVSA-2012:096-1, MDVSA-2012:097, MS12-006, MS12-049, openSUSE-SU-2012:0030-1, openSUSE-SU-2012:0063-1, openSUSE-SU-2012:0199-1, openSUSE-SU-2012:0229-1, openSUSE-SU-2012:0667-1, RHSA-2012:0034-01, RHSA-2013:1455-01, RHSA-2013:1456-01, sk74100, sk86440, SOL13400, SSRT100710, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, swg21568229, VIGILANCE-VUL-11014, VU#864643.

Description of the vulnerability

The SSL/TLS protocol supports CBC (Cipher Block Chaining) encryption: a clear block is "XORed" (operation Exclusive OR) with the last encrypted block, and the result is encrypted. This dependence between a block and its previous block was the subject of several theoretical studies since 2002, and led to the definition of TLS 1.1 in 2006, which uses a different algorithm.

The HTTPS "protocol", used by web browsers, encapsulates an HTTP session in a SSL/TLS session. An HTTP query is like:
  GET /abcdefg HTTP/1.0
  Headers (cookies)
  ...
This query is fragmented in blocks of 8 bytes, which are encrypted by CBC. The first block is thus "GET /abc".

An attacker can setup a malicious web site, and invite the victim to connect. This web site can request the victim's web browser to load the page "/abcdefg" of a site secured by SSL/TLS.

The attacker controls the size of the requested url (via "/abcdefg"), so he can place the first byte of headers at the end of a block (the 7 other bytes are known: "P/1.1\r\n"). This blocks follows a block which is fully known ("defg HTT"). The attacker can then capture the encrypted SSL/TLS session, and memorize the last encrypted block. This block is used as an initialization vector to compute an XOR between "defg HTT" (block 2) encrypted, and a guessed character located at the end of "P/1.1\r\n" (block 3). The result is reinjected by the attacker at the end of the HTTP query in clear text. He captures the resulting encrypted block, and if it is the same as the third encrypted block, then the guessed character was correct. The attacker repeats these queries as many times as necessary.

An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can therefore use several SSL sessions in order to compute HTTP headers, such as cookies.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Sun Java System Web Server: