Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2023 Tenable Network Security, Inc.IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL
HistoryMar 12, 2015 - 12:00 a.m.

IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)

2015-03-1200:00:00
This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.
www.tenable.com
595
JSON

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries :

  • An error exists in the libcURL and OpenSSL libraries related to an IP address that uses a wildcard in the subject’s Common Name (CN) field of an X.509 certificate. A man-in-the-middle attacker can exploit this issue to spoof SSL servers. (CVE-2014-0139)

  • An error exists in the OpenSSL library related to ‘ec point format extension’ handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509)

  • An error exists in the OpenSSL library related to handling fragmented ‘ClientHello’ messages that allow a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511)

  • A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)

  • An information disclosure flaw exists in the Java library within the ‘share/classes/sun/security/rsa/RSACore.java’ class related to ‘RSA blinding’ caused during operations using private keys and measuring timing differences. This allows a remote attacker to gain information about used keys. (CVE-2014-4244)

  • A flaw exists in the Java library within the ‘validateDHPublicKey’ function in the ‘share/classes/sun/security/util/KeyUtil.java’ class which is triggered during the validation of Diffie-Hellman public key parameters. This allows a remote attacker to recover a key. (CVE-2014-4263)

  • A NULL pointer dereference error exists in the OpenSSL library related to handling Secure Remote Password protocol (SRP) that allows a malicious server to crash a client, resulting in a denial of service.
    (CVE-2014-5139)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(81784);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/23");

  script_cve_id(
    "CVE-2014-0139",
    "CVE-2014-3509",
    "CVE-2014-3511",
    "CVE-2014-3566",
    "CVE-2014-4244",
    "CVE-2014-4263",
    "CVE-2014-5139"
  );
  script_bugtraq_id(
    66458,
    68624,
    68636,
    69077,
    69079,
    69084,
    70574
  );
  script_xref(name:"CERT", value:"577193");

  script_name(english:"IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has software installed that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host has a version of IBM Rational ClearQuest 7.1.x prior
to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6
installed. It is, therefore, potentially affected by multiple
vulnerabilities in third party libraries :

  - An error exists in the libcURL and OpenSSL libraries
    related to an IP address that uses a wildcard in the
    subject's Common Name (CN) field of an X.509
    certificate. A man-in-the-middle attacker can exploit
    this issue to spoof SSL servers. (CVE-2014-0139)

  - An error exists in the OpenSSL library related to
    'ec point format extension' handling and multithreaded
    clients that allows freed memory to be overwritten
    during a resumed session. (CVE-2014-3509)
 
  - An error exists in the OpenSSL library related to
    handling fragmented 'ClientHello' messages that allow a
    man-in-the-middle attacker to force usage of TLS 1.0
    regardless of higher protocol levels being supported by
    both the server and the client. (CVE-2014-3511)

  - A man-in-the-middle (MitM) information disclosure
    vulnerability known as POODLE. The vulnerability is due
    to the way SSL 3.0 handles padding bytes when decrypting
    messages encrypted using block ciphers in cipher block
    chaining (CBC) mode. MitM attackers can decrypt a
    selected byte of a cipher text in as few as 256 tries if
    they are able to force a victim application to
    repeatedly send the same data over newly created SSL 3.0
    connections. (CVE-2014-3566)

  - An information disclosure flaw exists in the Java
    library within the
    'share/classes/sun/security/rsa/RSACore.java' class
    related to 'RSA blinding' caused during operations using
    private keys and measuring timing differences. This
    allows a remote attacker to gain information about used
    keys. (CVE-2014-4244)

  - A flaw exists in the Java library within the
    'validateDHPublicKey' function in the
    'share/classes/sun/security/util/KeyUtil.java' class
    which is triggered during the validation of
    Diffie-Hellman public key parameters. This allows a
    remote attacker to recover a key. (CVE-2014-4263)

  - A NULL pointer dereference error exists in the OpenSSL
    library related to handling Secure Remote Password
    protocol (SRP) that allows a malicious server to crash a
    client, resulting in a denial of service.
    (CVE-2014-5139)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21692062");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21687405");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677290");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21692139");
  script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
  script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Rational ClearQuest 7.1.2.16 / 8.0.0.13 / 8.0.1.6 or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3509");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-3566");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_clearquest");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2023 Tenable Network Security, Inc.");

  script_dependencies("ibm_rational_clearquest_installed.nasl");
  script_require_keys("installed_sw/IBM Rational ClearQuest", "Settings/ParanoidReport");

  exit(0);
}

include('ibm_rational_clearquest_version.inc');

rational_clearquest_check_version(
  fixes:make_nested_list(
    make_array("Min", "7.1.0.0", "Fix UI", "7.1.2.16", "Fix", "7.1216.0.145"),
    make_array("Min", "8.0.0.0", "Fix UI", "8.0.0.13", "Fix", "8.13.0.721"),
    make_array("Min", "8.0.1.0", "Fix UI", "8.0.1.6",  "Fix", "8.106.0.432")),
  severity:SECURITY_WARNING,
  paranoid:TRUE   #only affects Web client component
);
VendorProductVersionCPE
ibmrational_clearquestcpe:/a:ibm:rational_clearquest

Related

ibm 88
nessus 31
redhat 2
openvas 11
freebsd_advisory 1
osv 2
aix 1
amazon 1
mageia 2
freebsd 1
debiancve 4
checkpoint_advisories 2
f5 6
ubuntucve 6
veracode 6
debian 1
huawei 1
ubuntu 1
cve 6
prion 6
openssl 3
slackware 1
altlinux 5
alpinelinux 1
securityvulns 1
kaspersky 1
fedora 7
suse 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect Rational ClearQuest (CVE-2014-5139, CVE-2014-3509, CVE-2014-3511)
2018-09-29 18:04:03
Security Bulletin: Multiple vulnerabilities in OpenSSL affect Rational ClearCase (CVE-2014-5139, CVE-2014-3509, CVE-2014-3511)
2018-07-10 08:34:12
Security Bulletin: Rational RequisitePro affected by OpenSSL vulnerabilities: (CVE-2014-5139, CVE-2014-3509, CVE-2014-3511)
2018-06-17 04:59:01
nessus
nessus
Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10649)
2014-10-14 00:00:00
RHEL 6 : rhevm-spice-client (RHSA-2015:0197)
2015-09-01 00:00:00
Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)
2014-07-29 00:00:00
redhat
redhat
(RHSA-2015:0197) Moderate: rhevm-spice-client security and bug fix update
2014-07-25 00:00:00
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
openvas
openvas
OpenSSL Multiple Vulnerabilities (20140806 - 2) - Linux
2021-07-19 00:00:00
OpenSSL Multiple Vulnerabilities (20140806 - 2) - Windows
2021-07-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0165)
2022-01-28 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:18.openssl
2014-09-09 00:00:00
osv
osv
CVE-2014-0139
2014-04-15 14:55:00
openssl - security update
2014-08-07 00:00:00
aix
aix
AIX OpenSSL Denial of Service due to double free and others
2014-09-09 00:50:00
amazon
amazon
Medium: openssl
2014-08-07 12:26:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2014-08-12 13:16:46
Updated lftp packages fix CVE-2014-0139
2015-04-24 00:14:25
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2014-08-06 00:00:00
debiancve
debiancve
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-5139
2014-08-13 23:55:00
CVE-2014-3511
2014-08-13 23:55:00
checkpoint_advisories
checkpoint_advisories
OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)
2015-01-27 00:00:00
OpenSSL TLS Protocol Downgrade Attack (CVE-2014-3511)
2014-11-10 00:00:00
f5
f5
SOL15567 - OpenSSL vulnerability CVE-2014-5139
2014-09-05 00:00:00
K15567 : OpenSSL vulnerability CVE-2014-5139
2014-09-05 00:00:00
K15541 : OpenSSL vulnerability CVE-2014-3509
2014-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-5139
2014-08-07 00:00:00
CVE-2014-0139
2014-03-27 00:00:00
CVE-2014-4263
2014-07-17 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Null Pointer Dereference
2017-02-06 05:58:10
Man-in-the-Middle (MitM)
2019-06-10 05:39:48
Weak Encryption Parameters
2019-05-02 05:03:23
debian
debian
[SECURITY] [DSA 2998-1] openssl security update
2014-08-06 23:44:13
huawei
huawei
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
2014-10-08 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-08-07 00:00:00
cve
cve
CVE-2014-5139
2014-08-13 23:55:00
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-4263
2014-07-17 11:17:00
prion
prion
Design/Logic Flaw
2014-04-15 14:55:00
Null pointer dereference
2014-08-13 23:55:00
Buffer overflow
2014-07-17 11:17:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-5139
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3509
2014-08-06 00:00:00
Vulnerability in OpenSSL CVE-2014-3511
2014-08-06 00:00:00
slackware
slackware
[slackware-security] openssl
2014-08-08 21:22:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1j-alt1
2014-10-30 00:00:00
alpinelinux
alpinelinux
CVE-2014-0139
2014-04-15 14:55:00
securityvulns
securityvulns
OpenSSL multiple security vulnerabilities
2014-08-07 00:00:00
kaspersky
kaspersky
KLA10343 Multiple vulnerabilities in Stunnel
2014-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: fossil-1.33-1.fc22
2015-10-15 03:51:23
[SECURITY] Fedora 21 Update: subscription-manager-1.13.6-1.fc21
2014-11-10 06:34:40
[SECURITY] Fedora 20 Update: claws-mail-3.11.1-2.fc20
2014-11-10 06:30:29
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
JSON
Related for IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL
ibm88nessus31redhat2openvas11freebsd_advisory1osv2aix1amazon1mageia2freebsd1debiancve4checkpoint_advisories2f56ubuntucve6veracode6debian1huawei1ubuntu1cve6prion6openssl3slackware1altlinux5alpinelinux1securityvulns1kaspersky1fedora7suse1