Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:9508E80FC3841EA0C8796974EB59D970
HistoryMar 21, 2019 - 12:00 a.m.

USN-3899-1: OpenSSL vulnerability | Cloud Foundry

2019-03-2100:00:00
Cloud Foundry
www.cloudfoundry.org
81

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 16.04
  • Canonical Ubuntu 18.04

Description

Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.

CVEs contained in this USN include: CVE-2019-1559

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH xenial-stemcells are vulnerable, including:
    • 250.x versions prior to 250.21
    • 170.x versions prior to 170.39
    • 97.x versions prior to 97.66
    • All other stemcells not listed.
  • All versions of Cloud Foundry cflinuxfs3 prior to 0.65.0

Mitigation

Users of affected products are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells:
    • Upgrade 250.x versions to 250.21
    • Upgrade 170.x versions to 170.39
    • Upgrade 97.x versions to 97.66
    • All other stemcells should be upgraded to the latest version available on bosh.io.
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.65.0 or later.

References

Related

ibm 51
suse 6
nessus 62
debian 2
openssl 1
mageia 1
openvas 37
slackware 1
qualysblog 1
altlinux 1
osv 3
debiancve 1
aix 1
symantec 1
prion 1
redhat 4
ubuntu 2
paloalto 1
freebsd 2
veracode 1
redhatcve 1
f5 1
centos 2
cve 1
alpinelinux 1
archlinux 2
ubuntucve 1
gentoo 1
amazon 3
oraclelinux 4
nodejsblog 1
fedora 1
ibm
ibm
Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559)
2020-04-24 23:17:31
Security Bulletin: IBM RackSwitch firmware products are affected by the following OpenSLL vulnerability
2020-02-28 20:01:10
Security Bulletin: Public disclosed vulnerability from OpenSSL affect IBM Netezza Host Management
2020-06-09 18:17:14
suse
suse
Security update for compat-openssl098 (moderate)
2019-06-27 00:00:00
Security update for openssl-1_0_0 (moderate)
2019-04-02 00:00:00
Security update for openssl (moderate)
2019-04-08 00:00:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K18549143)
2023-11-03 00:00:00
Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20190813)
2019-08-14 00:00:00
NewStart CGSL MAIN 4.06 : openssl Vulnerability (NS-SA-2019-0176)
2019-09-11 00:00:00
debian
debian
[SECURITY] [DLA 1701-1] openssl security update
2019-03-01 22:55:06
[SECURITY] [DSA 4400-1] openssl1.0 security update
2019-02-28 22:13:35
openssl
openssl
Vulnerability in OpenSSL CVE-2019-1559
2019-02-26 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2019-03-07 19:34:45
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1325)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1701-1)
2019-03-03 00:00:00
openSUSE: Security Advisory for openssl-1_0_0 (openSUSE-SU-2019:1432-1)
2020-01-09 00:00:00
slackware
slackware
[slackware-security] openssl (slackware 14.2)
2019-02-27 04:12:59
qualysblog
qualysblog
Zombie POODLE and GOLDENDOODLE Vulnerabilities
2019-04-22 08:40:40
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2r-alt1
2019-03-20 00:00:00
osv
osv
openssl - security update
2019-03-01 00:00:00
CVE-2019-1559
2019-02-27 23:29:00
openssl1.0 - security update
2019-02-28 00:00:00
debiancve
debiancve
CVE-2019-1559
2019-02-27 23:29:00
aix
aix
There is a vulnerability in OpenSSL used by AIX.
2019-04-16 10:48:55
symantec
symantec
OpenSSL CVE-2019-1559 Information Disclosure Vulnerability
2019-02-26 00:00:00
prion
prion
Design/Logic Flaw
2019-02-27 23:29:00
redhat
redhat
(RHSA-2019:2471) Moderate: openssl security update
2019-08-13 14:07:51
(RHSA-2019:2304) Moderate: openssl security and bug fix update
2019-08-06 08:23:32
(RHSA-2019:2439) Moderate: rhvm-appliance security, bug fix, and enhancement update
2019-08-12 10:52:42
ubuntu
ubuntu
OpenSSL vulnerability
2019-02-27 00:00:00
OpenSSL vulnerabilities
2020-07-09 00:00:00
paloalto
paloalto
OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS
2019-12-04 17:00:00
freebsd
freebsd
OpenSSL -- Padding oracle vulnerability
2019-02-19 00:00:00
Node.js -- multiple vulnerabilities
2019-02-28 00:00:00
veracode
veracode
Padding Oracle Attack
2019-03-01 01:32:23
redhatcve
redhatcve
CVE-2019-1559
2019-10-08 17:49:09
f5
f5
K18549143 : OpenSSL vulnerability CVE-2019-1559
2019-03-19 00:00:00
centos
centos
openssl security update
2019-08-16 21:53:45
openssl security update
2019-08-30 03:49:42
cve
cve
CVE-2019-1559
2019-02-27 23:29:00
alpinelinux
alpinelinux
CVE-2019-1559
2019-02-27 23:29:00
archlinux
archlinux
[ASA-201903-6] lib32-openssl-1.0: information disclosure
2019-03-03 00:00:00
[ASA-201903-2] openssl-1.0: information disclosure
2019-03-02 00:00:00
ubuntucve
ubuntucve
CVE-2019-1559
2019-02-26 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2019-03-14 00:00:00
amazon
amazon
Medium: openssl
2019-04-04 21:45:00
Medium: openssl
2019-11-11 17:41:00
Medium: openssl
2019-04-04 19:13:00
oraclelinux
oraclelinux
openssl security and bug fix update
2019-08-13 00:00:00
openssl security update
2019-08-19 00:00:00
openssl security update
2019-08-14 00:00:00
nodejsblog
nodejsblog
February 2019 Security Releases
2019-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: compat-openssl10-1.0.2o-8.fc31
2019-09-21 00:04:14

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON
Related for CFOUNDRY:9508E80FC3841EA0C8796974EB59D970
ibm51suse6nessus62debian2openssl1mageia1openvas37slackware1qualysblog1altlinux1osv3debiancve1aix1symantec1prion1redhat4ubuntu2paloalto1freebsd2veracode1redhatcve1f51centos2cve1alpinelinux1archlinux2ubuntucve1gentoo1amazon3oraclelinux4nodejsblog1fedora1