CVE-2019-1559

2019-02-27 23:29:00
CWE-203
web.nvd.nist.gov
cve-2019-1559
information security
openssl
padding oracle
protocol error
remote exploit
vulnerability
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable “non-stitched” ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Affected configurations

NVD
Node
openssl:openssl  Range  1.0.2 to 1.0.2r
Node
canonical:ubuntu_linux  Match  16.04 (esm)
OR
canonical:ubuntu_linux  Match  18.04 (lts)
OR
canonical:ubuntu_linux  Match  18.10
Node
debian:debian_linux  Match  8.0
OR
debian:debian_linux  Match  9.0
Node
netapp:active_iq_unified_manager  Range  7.3 (windows)
OR
netapp:active_iq_unified_manager  Range  9.5 (vmware_vsphere)
OR
netapp:active_iq_unified_manager  Match  - (windows)
OR
netapp:altavault  Match  -
OR
netapp:cloud_backup  Match  -
OR
netapp:clustered_data_ontap_antivirus_connector  Match  -
OR
netapp:element_software  Match  -
OR
netapp:hci_management_node  Match  -
OR
netapp:hyper_converged_infrastructure  Match  -
OR
netapp:oncommand_insight  Match  -
OR
netapp:oncommand_unified_manager  Match  -
OR
netapp:oncommand_unified_manager  Match  - (vsphere)
OR
netapp:oncommand_unified_manager_core_package  Match  -
OR
netapp:oncommand_workflow_automation  Match  -
OR
netapp:ontap_select_deploy  Match  -
OR
netapp:ontap_select_deploy_administration_utility  Match  -
OR
netapp:santricity_smi-s_provider  Match  -
OR
netapp:service_processor  Match  -
OR
netapp:smi-s_provider  Match  -
OR
netapp:snapcenter  Match  -
OR
netapp:snapdrive  Match  - (unix)
OR
netapp:snapdrive  Match  - (windows)
OR
netapp:snapprotect  Match  -
OR
netapp:solidfire  Match  -
OR
netapp:steelstore_cloud_integrated_storage  Match  -
OR
netapp:storage_automation_store  Match  -
OR
netapp:storagegrid  Range  9.0.0 to 9.0.4
OR
netapp:storagegrid  Match  -
OR
netapp:hci_compute_node  Match  -
Node
f5:big-ip_access_policy_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_access_policy_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_access_policy_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_access_policy_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_advanced_firewall_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_advanced_firewall_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_advanced_firewall_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_advanced_firewall_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_analytics  Range  12.1.0 to 12.1.5
OR
f5:big-ip_analytics  Range  13.0.0 to 13.1.3
OR
f5:big-ip_analytics  Range  14.0.0 to 14.1.2
OR
f5:big-ip_analytics  Range  15.0.0 to 15.1.0
OR
f5:big-ip_application_acceleration_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_application_acceleration_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_application_acceleration_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_application_acceleration_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_application_security_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_application_security_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_application_security_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_application_security_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_domain_name_system  Range  12.1.0 to 12.1.5
OR
f5:big-ip_domain_name_system  Range  13.0.0 to 13.1.3
OR
f5:big-ip_domain_name_system  Range  14.0.0 to 14.1.2
OR
f5:big-ip_domain_name_system  Range  15.0.0 to 15.1.0
OR
f5:big-ip_edge_gateway  Range  12.1.0 to 12.1.5
OR
f5:big-ip_edge_gateway  Range  13.0.0 to 13.1.3
OR
f5:big-ip_edge_gateway  Range  14.0.0 to 14.1.2
OR
f5:big-ip_edge_gateway  Range  15.0.0 to 15.1.0
OR
f5:big-ip_fraud_protection_service  Range  12.1.0 to 12.1.5
OR
f5:big-ip_fraud_protection_service  Range  13.0.0 to 13.1.3
OR
f5:big-ip_fraud_protection_service  Range  14.0.0 to 14.1.2
OR
f5:big-ip_fraud_protection_service  Range  15.0.0 to 15.1.0
OR
f5:big-ip_global_traffic_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_global_traffic_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_global_traffic_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_global_traffic_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_link_controller  Range  12.1.0 to 12.1.5
OR
f5:big-ip_link_controller  Range  13.0.0 to 13.1.3
OR
f5:big-ip_link_controller  Range  14.0.0 to 14.1.2
OR
f5:big-ip_link_controller  Range  15.0.0 to 15.1.0
OR
f5:big-ip_local_traffic_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_local_traffic_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_local_traffic_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_local_traffic_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_policy_enforcement_manager  Range  12.1.0 to 12.1.5
OR
f5:big-ip_policy_enforcement_manager  Range  13.0.0 to 13.1.3
OR
f5:big-ip_policy_enforcement_manager  Range  14.0.0 to 14.1.2
OR
f5:big-ip_policy_enforcement_manager  Range  15.0.0 to 15.1.0
OR
f5:big-ip_webaccelerator  Range  12.1.0 to 12.1.5
OR
f5:big-ip_webaccelerator  Range  13.0.0 to 13.1.3
OR
f5:big-ip_webaccelerator  Range  14.0.0 to 14.1.2
OR
f5:big-ip_webaccelerator  Range  15.0.0 to 15.1.0
OR
f5:big-iq_centralized_management  Range  6.0.0 to 6.1.0
OR
f5:big-iq_centralized_management  Range  7.0.0 to 7.1.0
OR
f5:traffix_signaling_delivery_controller  Range  5.0.0 to 5.1.0
OR
f5:traffix_signaling_delivery_controller  Match  4.4.0
Node
tenable:nessus  Range  8.2.3
Node
opensuse:leap  Match  15.0
OR
opensuse:leap  Match  15.1
OR
opensuse:leap  Match  42.3
Node
netapp:cn1610_firmware  Match  -
AND
netapp:cn1610  Match  -
Node
netapp:a320_firmware  Match  -
AND
netapp:a320  Match  -
Node
netapp:c190_firmware  Match  -
AND
netapp:c190  Match  -
Node
netapp:a220_firmware  Match  -
AND
netapp:a220  Match  -
Node
netapp:fas2720_firmware  Match  -
AND
netapp:fas2720  Match  -
Node
netapp:fas2750_firmware  Match  -
AND
netapp:fas2750  Match  -
Node
netapp:a800_firmware  Match  -
AND
netapp:a800  Match  -
Node
fedoraproject:fedora  Match  29
OR
fedoraproject:fedora  Match  30
OR
fedoraproject:fedora  Match  31
Node
mcafee:agent  Range  5.6.0 to 5.6.4
OR
mcafee:data_exchange_layer  Range  4.0.0 to 6.0.0
OR
mcafee:threat_intelligence_exchange_server  Range  2.0.0 to 3.0.0
OR
mcafee:web_gateway  Range  7.0.0 to 9.0.0
Node
redhat:jboss_enterprise_web_server  Match  5.0.0
AND
redhat:enterprise_linux  Match  6.0
OR
redhat:enterprise_linux  Match  7.0
OR
redhat:enterprise_linux  Match  8.0
Node
redhat:virtualization  Match  4.0
OR
redhat:virtualization_host  Match  4.0
AND
redhat:enterprise_linux  Match  7.0
Node
redhat:enterprise_linux_desktop  Match  6.0
OR
redhat:enterprise_linux_desktop  Match  7.0
OR
redhat:enterprise_linux_server  Match  6.0
OR
redhat:enterprise_linux_server  Match  7.0
OR
redhat:enterprise_linux_workstation  Match  6.0
OR
redhat:enterprise_linux_workstation  Match  7.0
Node
oracle:api_gateway  Match  11.1.2.4.0
OR
oracle:business_intelligence  Match  11.1.1.9.0 (enterprise)
OR
oracle:business_intelligence  Match  12.2.1.3.0 (enterprise)
OR
oracle:business_intelligence  Match  12.2.1.4.0 (enterprise)
OR
oracle:communications_diameter_signaling_router  Match  8.0.0
OR
oracle:communications_diameter_signaling_router  Match  8.1
OR
oracle:communications_diameter_signaling_router  Match  8.2
OR
oracle:communications_diameter_signaling_router  Match  8.3
OR
oracle:communications_diameter_signaling_router  Match  8.4
OR
oracle:communications_performance_intelligence_center  Match  10.4.0.2
OR
oracle:communications_session_border_controller  Match  7.4
OR
oracle:communications_session_border_controller  Match  8.0.0
OR
oracle:communications_session_border_controller  Match  8.1.0
OR
oracle:communications_session_border_controller  Match  8.2
OR
oracle:communications_session_border_controller  Match  8.3
OR
oracle:communications_session_router  Match  7.4
OR
oracle:communications_session_router  Match  8.0
OR
oracle:communications_session_router  Match  8.1
OR
oracle:communications_session_router  Match  8.2
OR
oracle:communications_session_router  Match  8.3
OR
oracle:communications_unified_session_manager  Match  7.3.5
OR
oracle:communications_unified_session_manager  Match  8.2.5
OR
oracle:endeca_server  Match  7.7.0
OR
oracle:enterprise_manager_base_platform  Match  12.1.0.5.0
OR
oracle:enterprise_manager_base_platform  Match  13.2.0.0.0
OR
oracle:enterprise_manager_base_platform  Match  13.3.0.0.0
OR
oracle:enterprise_manager_ops_center  Match  12.3.3
OR
oracle:enterprise_manager_ops_center  Match  12.4.0
OR
oracle:jd_edwards_enterpriseone_tools  Match  9.2
OR
oracle:jd_edwards_world_security  Match  a9.3
OR
oracle:jd_edwards_world_security  Match  a9.3.1
OR
oracle:jd_edwards_world_security  Match  a9.4
OR
oracle:mysql  Range  5.6.0 to 5.6.43
OR
oracle:mysql  Range  5.7.0 to 5.7.25
OR
oracle:mysql  Range  8.0.0 to 8.0.15
OR
oracle:mysql_enterprise_monitor  Range  4.0.8
OR
oracle:mysql_enterprise_monitor  Range  8.0.0 to 8.0.14
OR
oracle:mysql_workbench  Range  8.0.16
OR
oracle:peoplesoft_enterprise_peopletools  Match  8.55
OR
oracle:peoplesoft_enterprise_peopletools  Match  8.56
OR
oracle:peoplesoft_enterprise_peopletools  Match  8.57
OR
oracle:secure_global_desktop  Match  5.4
OR
oracle:services_tools_bundle  Match  19.2
Node
paloaltonetworks:pan-os  Range  7.1.0 to 7.1.15
OR
paloaltonetworks:pan-os  Range  8.0.0 to 8.0.20
OR
paloaltonetworks:pan-os  Range  8.1.0 to 8.1.8
OR
paloaltonetworks:pan-os  Range  9.0.0 to 9.0.2
Node
nodejs:node.js  Range  6.0.0 to 6.8.1 (-)
OR
nodejs:node.js  Range  6.9.0 to 6.17.0 (lts)
OR
nodejs:node.js  Range  8.0.0 to 8.8.1 (-)
OR
nodejs:node.js  Range  8.9.0 to 8.15.1 (lts)

CPE  Name  Operator  Version
openssl:openssl  openssl  lt  1.0.2r

CNA Affected

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
      }
    ]
  }
]

