OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(122504);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/21");

  script_cve_id("CVE-2019-1559");
  script_bugtraq_id(107174);
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"OpenSSL 1.0.x < 1.0.2r Information Disclosure Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"A service running on the remote host is affected by an information
disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of OpenSSL running on the remote
host is 1.0.x prior to 1.0.2r. It is, therefore, affected by an
information disclosure vulnerability due to the decipherable way a
application responds to a 0 byte record. An unauthenticated, remote
attacker could exploit this vulnerability, via a padding oracle
attack, to potentially disclose sensitive information.

Note: Only 'non-stitched' ciphersuites are exploitable.");
  # https://mta.openssl.org/pipermail/openssl-announce/2019-February/000145.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e8c6acd");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20190226.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL version 1.0.2r or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1559");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
  script_require_keys("installed_sw/OpenSSL");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_openssl.inc');

var app_info = vcf::combined_get_app_info(app:'OpenSSL');

vcf::check_all_backporting(app_info:app_info);

var constraints = [{ 'min_version' : "1.0.2", 'fixed_version' : '1.0.2r'}];

vcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);