Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.OPENSSL_1_0_0C.NASL
HistoryDec 07, 2010 - 12:00 a.m.

OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities

2010-12-0700:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
19
JSON

According to its banner, the remote web server is running a version of OpenSSL older than 0.9.8q or 1.0.0c. Such versions are potentially affected by multiple vulnerabilities :

  • It may be possible to downgrade the ciphersuite to a weaker version by modifying the stored session cache ciphersuite.

  • An error exists in the J-PAKE implementation that could lead to successful validation by someone with no knowledge of the shared secret.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(51058);
  script_version("1.12");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id("CVE-2010-4180", "CVE-2010-4252");
  script_bugtraq_id(45163, 45164);
  script_xref(name:"Secunia", value:"42473");

  script_name(english:"OpenSSL < 0.9.8q / 1.0.0c Multiple Vulnerabilities");
  script_summary(english:"Does a banner check");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote web server is running a version
of OpenSSL older than 0.9.8q or 1.0.0c.  Such versions are potentially
affected by multiple vulnerabilities :

  - It may be possible to downgrade the ciphersuite to a
    weaker version by modifying the stored session cache
    ciphersuite.

  - An error exists in the J-PAKE implementation that could
    lead to successful validation by someone with no 
    knowledge of the shared secret.");
  
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20101202.txt");
  script_set_attribute(attribute:"see_also", value:"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.8q / 1.0.0c or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  
  script_set_attribute(attribute:"vuln_publication_date",value:"2010/12/02");
  script_set_attribute(attribute:"patch_publication_date",value:"2010/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/07");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  script_require_keys("Settings/ParanoidReport");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("backport.inc");


if (report_paranoia < 2)
  exit(1, "This plugin only runs if 'Report paranoia' is set to 'Paranoid'.");

port = get_http_port(default:80);

banner = get_backport_banner(banner:get_http_banner(port:port));
if (!banner) 
  exit(1, "Unable to get the banner from the web server on port "+port+".");

if (!egrep(string:banner, pattern:'^Server:'))
  exit(0, "The web server on port "+port+" doesn't return a Server response header.");
if ("OpenSSL/" >!< banner)
  exit(0, "The Server response header for the web server on port "+port+" doesn't mention OpenSSL.");

pat = "^Server:.*OpenSSL/([^ ]+)";
version = NULL;

foreach line (split(banner, sep:'\r\n', keep:FALSE))
{
  match = eregmatch(pattern:pat, string:line);
  if (!isnull(match))
  {
    version = match[1];
    break;
  }
}
if (isnull(version))
  exit(0, "The web server on port "+port+" doesn't appear to use OpenSSL.");

if (
  (version =~ "^0\.[0-8]\..*") ||
  (version =~ "^0\.9\.([0-7]([^0-9]|$)|8([^a-z0-9]|[a-p]|$))") ||
  (version =~ "^1\.0\.0(-beta|[a-b]|$)")
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + line +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 0.9.8q / 1.0.0c\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else exit(0, 'The web server on port \''+port+'\' uses OpenSSL '+version+', which is not affected.');
VendorProductVersionCPE
opensslopensslcpe:/a:openssl:openssl

Related

nessus 47
slackware 1
openvas 45
securityvulns 7
cve 4
debiancve 4
f5 6
openssl 2
ubuntucve 4
prion 4
veracode 1
altlinux 5
redhat 3
attackerkb 1
oraclelinux 4
ubuntu 1
osv 2
fedora 5
debian 2
centos 2
gentoo 1
suse 2
cert 1
ibm 7
vmware 4
lenovo 2
nessus
nessus
Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : openssl (SSA:2010-340-01)
2010-12-08 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K17382)
2015-10-12 00:00:00
RHEL 6 : openssl (RHSA-2010:0979)
2010-12-14 00:00:00
slackware
slackware
[slackware-security] openssl
2010-12-07 07:14:58
openvas
openvas
Slackware: Security Advisory (SSA:2010-340-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2010-340-01 openssl
2012-09-11 00:00:00
HP-UX Update for OpenSSL HPSBUX02638
2011-05-05 00:00:00
securityvulns
securityvulns
OpenSSL protection level downgrade
2010-12-09 00:00:00
[USN-1029-1] OpenSSL vulnerabilities
2010-12-09 00:00:00
HP Insight Control multiple security vulnerabilities
2011-04-26 00:00:00
cve
cve
CVE-2010-4252
2010-12-06 21:05:00
CVE-2010-4180
2010-12-06 21:05:00
CVE-2010-4478
2010-12-06 22:30:00
debiancve
debiancve
CVE-2010-4252
2010-12-06 21:05:00
CVE-2010-4180
2010-12-06 21:05:00
CVE-2010-4478
2010-12-06 22:30:00
f5
f5
K17382 : OpenSSL vulnerability CVE-2010-4252
2015-10-09 00:00:00
SOL17382 - OpenSSL vulnerability CVE-2010-4252
2015-10-09 00:00:00
SOL12543 - OpenSSL vulnerability CVE-2010-4180
2011-01-26 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2010-4252
2010-12-02 00:00:00
Vulnerability in OpenSSL CVE-2010-4180
2010-12-02 00:00:00
ubuntucve
ubuntucve
CVE-2010-4252
2010-12-06 00:00:00
CVE-2010-4180
2010-12-06 00:00:00
CVE-2010-4478
2010-12-06 00:00:00
prion
prion
Design/Logic Flaw
2010-12-06 21:05:00
Session fixation
2010-12-06 21:05:00
Design/Logic Flaw
2010-12-06 22:30:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:56:26
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0c-alt1
2011-02-01 00:00:00
redhat
redhat
(RHSA-2010:0979) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0978) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0977) Moderate: openssl security update
2010-12-13 00:00:00
attackerkb
attackerkb
CVE-2010-4478
2010-12-06 00:00:00
oraclelinux
oraclelinux
openssl security update
2011-02-10 00:00:00
openssl security update
2010-12-13 00:00:00
openssl security update
2010-12-13 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2010-12-08 00:00:00
osv
osv
openssl - protocol design flaw
2011-01-06 00:00:00
nss - protocol design flaw
2011-01-06 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: openssl-1.0.0c-1.fc14
2010-12-10 20:26:33
[SECURITY] Fedora 14 Update: openssl-1.0.0d-1.fc14
2011-02-14 20:28:21
[SECURITY] Fedora 13 Update: openssl-1.0.0c-1.fc13
2010-12-17 08:35:37
debian
debian
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
centos
centos
openssl security update
2010-12-14 01:19:08
openssl security update
2011-01-27 09:11:13
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
suse
suse
compat-openssl097g (important)
2011-07-27 16:08:25
Security update for compat-openssl097g (important)
2011-07-27 17:08:16
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
ibm
ibm
Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL
2022-09-25 20:45:36
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0
2022-09-25 23:13:40
Security Bulletin: Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities.
2018-06-18 00:07:41
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
JSON
Related for OPENSSL_1_0_0C.NASL
nessus47slackware1openvas45securityvulns7cve4debiancve4f56openssl2ubuntucve4prion4veracode1altlinux5redhat3attackerkb1oraclelinux4ubuntu1osv2fedora5debian2centos2gentoo1suse2cert1ibm7vmware4lenovo2