Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.JIRA_6_4_10.NASL
HistoryDec 07, 2015 - 12:00 a.m.

Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)

2015-12-0700:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40
JSON

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 6.4.10 or 7.0.0-OD-02. It is, therefore, potentially affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87218);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2015-2808");
  script_bugtraq_id(73684);

  script_name(english:"Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a web application that is potentially
affected by a security feature bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the instance of
Atlassian JIRA hosted on the remote web server is prior to 6.4.10 or
7.0.0-OD-02. It is, therefore, potentially affected by a security
feature bypass vulnerability, known as Bar Mitzvah, due to improper
combination of state data with key data by the RC4 cipher algorithm
during the initialization phase. A man-in-the-middle attacker can
exploit this, via a brute-force attack using LSB values, to decrypt
the traffic.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4bbf45ac");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian JIRA version 6.4.10 / 7.0.0-OD-02 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2808");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/07");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jira_detect.nasl");
  script_require_keys("installed_sw/Atlassian JIRA", "Settings/ParanoidReport");
  script_require_ports("Services/www", 8080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");
include("install_func.inc");

app_name = "Atlassian JIRA";
get_install_count(app_name:app_name, exit_if_zero:TRUE);

port = get_http_port(default:8080);

install = get_single_install(
  app_name : app_name,
  port     : port,
  exit_if_unknown_ver : TRUE
);

# Prevent potential false positives.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

dir = install['path'];
ver = install['version'];

url = build_url(port:port, qs:dir);

fix = NULL;

# Match versions 7.x.x - 7.0.0-OD-01
if (ver =~ "^(7\.0\.0|7\.0\.0-OD-(0[01]))$")
  fix = "7.0.0-OD-02";

# Match versions 1.x - 6.4.9
if (ver =~ "^([0-6]\.[0-4]|[0-5]\.[0-9]|[0-5]\.[0-9][0-9]|[0-5]\.[0-9][0-9]\.[0-9]|[0-6]\.[0-3]\.[1-9][0-9]|[0-6]\.[0-4]\.[0-9])$")
  fix = "6.4.10";

if (!isnull(fix))
{
  if (report_verbosity > 0)
  { 
    report =
      '\n  URL               : ' + url +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + "6.4.10 / 7.0.0-OD-02" +
      '\n';

       security_warning(port:port, extra:report);
     }
     else security_warning(port:port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, url, ver);
VendorProductVersionCPE
atlassianjiracpe:/a:atlassian:jira

Related

ibm 175
nessus 11
veracode 1
huawei 1
prion 1
debiancve 1
cve 1
openvas 3
f5 2
aix 1
ubuntucve 1
checkpoint_advisories 1
ibm
ibm
Security Bulletin: Vulnerability in RC4 stream cipher affects Real-time Compression Appliance (CVE-2015-2808)
2018-06-18 00:09:28
Security Bulletin: Vulnerability in RC4 stream cipher affects OpenPages GRC Platform with Application Server (CVE-2015-2808)
2018-06-15 22:37:00
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software (CVE-2015-2808)
2018-08-03 04:23:43
nessus
nessus
AIX 6.1 TL 9 : bos.net.tcp.server (U863668) (Bar Mitzvah)
2015-12-04 00:00:00
IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)
2016-06-16 00:00:00
F5 Networks BIG-IP : SSL/TLS RC4 vulnerability (K16864) (Bar Mitzvah)
2015-09-18 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:39:15
huawei
huawei
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
2015-09-19 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 02:00:00
debiancve
debiancve
CVE-2015-2808
2015-04-01 02:00:00
cve
cve
CVE-2015-2808
2015-04-01 02:00:00
openvas
openvas
F5 BIG-IP - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-09-18 00:00:00
HPE Network Products Multiple Remote Vulnerabilities
2016-11-25 00:00:00
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
f5
f5
K16864 : SSL/TLS RC4 vulnerability CVE-2015-2808
2015-08-17 00:00:00
SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-07-08 00:00:00
aix
aix
Vulnerability in RC4 stream cipher affects AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on VIOS
2015-04-27 15:27:04
ubuntucve
ubuntucve
CVE-2015-2808
2015-03-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)
2015-05-17 00:00:00
JSON
Related for JIRA_6_4_10.NASL
ibm175nessus11veracode1huawei1prion1debiancve1cve1openvas3f52aix1ubuntucve1checkpoint_advisories1