Summary

The RC4 “Bar Mitzvah” SSL/TLS may affect some configurations of the IBM HTTP Server and some configurations of the IBM Caching Proxy for WebSphere Application Server.

Vulnerability Details

CVEID: CVE-2015-2808**
DESCRIPTION:** The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as “Bar Mitzvah Attack”.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

The following IBM HTTP Server (IHS) and IBM Caching Proxy for WebSphere Application Server may be affected:

• Version 8.5.5
• Version 8.5
• Version 8.0
• Version 7.0
• Version 6.1

Remediation/Fixes

For affected IBM HTTP Server for WebSphere Application Server:
The recommended solutions is to apply the interim fix, Fix Pack or PTF containing APAR PI34229 for each named product as soon as practical. APAR PI34229 defaults to remove the RC4 ciphers from the default list that is used if you do not specify any ciphers.
NOTE: If you specify any ciphers, you will also need to perform some of the steps in the mitigation section.

**
For V8.5.0.0 through 8.5.5.5 Full Profile:**

· Upgrade to a minimum of Fix Pack 8.5.5.2 or later then apply Interim Fix PI34229

--OR–
· Apply Fix Pack 8.5.5.6 or later.

**
For V8.0 through 8.0.0.10:**
· Upgrade to a minimum of Fix Pack 8.0.0.9 or later and then apply Interim Fix PI34229

--OR–
· Apply Fix Pack 8.0.0.11 or later.

**
For V7.0.0.0 through 7.0.0.37:**
· Upgrade to a minimum of Fix Pack 7.0.0.33 or later and then apply Interim Fix PI34229

--OR–
· Apply Fix Pack 7.0.0.39 or later.

You should verify applying this fix does not cause any compatibility issues. The fix disables RC4 stream cipher by default. If you change this setting you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions.

For unsupported versions IBM recommends upgrading to a fixed support version of the product.

Workarounds and Mitigations

For affected IBM HTTP Server for WebSphere Application Server:

IBM recommends disabling RC4 in IBM HTTP Server. To disable RC4, complete the steps below:

For Version 8.0 and later:

• A simple way to mitigate this issue is to turn on FIPS140-2 support which will both disable RC4 by default and remove any RC4 ciphers added inadvertently. To enable FIPS140-2, add ‘SSLFIPSEnable’ to each configuration stanza with ‘SSLEnable’

Note: On z/OS, SSLFIPSEnable is only available in 8.5.5.0 and later and is set once globally instead of per-virtual host.

• • If you cannot enable FIPS140-2 support or if you run into a complication, you must complete all of the following to disable RC4:

1. To remove RC4 from the defaults, add the following directives to the** end** of each configuration stanza with ‘SSLEnable’ (VirtualHost or bottom of httpd.conf if SSLEnable is set globally) This step is not needed if you installed the Interim fix.
   SSLCipherSpec ALL -SSL_RSA_WITH_RC4_128_SHA -SSL_RSA_WITH_RC4_128_MD5
2. Removeany ‘SSLCipherSpec’ explicitly enabling RC4 as illustrated below:
   `

All of these must be removed to disable RC4

SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
SSLCipherSpec 34
SSLCipherSpec 35`
3. Review the current configuration for SSL ciphers configured via SSLCipherSpec directives with at least two arguments each that add an RC4-based cipher.

Search for either “RC4” or the numbers “34” and “35” within SSLCipherSpec directives and removethe corresponding ciphers.

``

For example if a configuration contains: SSLCipherSpec TLSv1 +SSL_RSA_WITH_RC4_SHA +TLS_RSA_WITH_AES_128_CBC_SHA

Remove the RC4 cipher, changing the directive to:

SSLCipherSpec TLSv1 +TLS_RSA_WITH_AES_128_CVC_SHA
Do this for all the ‘SSLCipherSpec’ directives.
**
For Versions 6.0, 6.1, or 7.0:**

• One way to mitigate this issue is to turn on FIPS140-2 support which will both disable RC4 by default and result in a startup error if RC4 is inadvertently enabled.
  ``
  For each existing ‘SSLEnable’ in your IHS configuration, add ‘SSLFIPSEnable’

• If you do not wish to enable FIPS140-2 support or if you run into a complication, you may do all of the following, whichever applies to your configuration:

1. If any of the following ‘SSLCipherSpec’ directives are contained in the configuration, remove them and make sure at least 1 other SSLCipherSpec specifies a SSLv3/TLSv1 cipher. See the following bullet for an example of strong non-RC4 ciphers.
   SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5 SSLCipherSpec 34 SSLCipherSpec 35
2. If ‘SSLEnable’ is configured, but no ‘SSLCipherSpec’ is specified, explicitly select strong ciphers (excluding RC4) with the following recommended ciphers: This step is not needed if you installed the interim fix.
   SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
   SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
   SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
   ``

For affected IBM Caching Proxy for WebSphere Application Server:

IBM recommends disabling RC4 in IBM Caching Proxy. To disable RC4, complete the steps below:

For Version 8.5.5.5 and later:

• A simple way to mitigate this issue is to turn on FIPS140-2 support which will both disable RC4 by default and remove any RC4 ciphers added inadvertently. To enable FIPS140-2, add the directive ‘FIPSEnable on’’

• If you cannot enable FIPS140-2 support or if you run into a complication, you must complete all of the following to disable RC4:

1. In TLSV11Cipherspecs directive, remove any references to the following ciphers:

`

All of these must be removed to disable RC4

TLS_RSA_WITH_RC4_128_SHA(05)
TLS_RSA_WITH_RC4_128_MD5(04)

2. In V3Cipherspecs directive, remove** **any references to the following ciphers:

All of these must be removed to disable RC4

TLS_RSA_WITH_RC4_128_SHA(05)
TLS_RSA_WITH_RC4_128_MD5(04)
TLS_RSA_EXPORT_WITH_RC4_40_MD5(03)
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(64) `
3. In V2Cipherspecs directive, remove any references to the following ciphers:
``
1-RC4 US
2-RC4 Export

**
For Versions 8.5.5.4 and earlier:**

• A simple way to mitigate this issue is to turn on FIPS140-2 support which will both disable RC4 by default and remove any RC4 ciphers added inadvertently. To enable FIPS140-2, add the directive ‘FIPSEnable on’’

• If you cannot enable FIPS140-2 support or if you run into a complication, you must complete all of the following to disable RC4:

1. In V3Cipherspecs directive, remove** **any references to the following ciphers:
   `

All of these must be removed to disable RC4

TLS_RSA_WITH_RC4_128_SHA(05)
TLS_RSA_WITH_RC4_128_MD5(04)
TLS_RSA_EXPORT_WITH_RC4_40_MD5(03)
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(64) `
2. In V2Cipherspecs directive, remove any references to the following ciphers:
``
1-RC4 US