Lucene search

K
nvd[email protected]NVD:CVE-2019-1559
HistoryFeb 27, 2019 - 11:29 p.m.

CVE-2019-1559

2019-02-2723:29:00
CWE-203
web.nvd.nist.gov
1

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.01

Percentile

83.8%

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable “non-stitched” ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Affected configurations

NVD
Node
opensslopensslRange1.0.21.0.2r
Node
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch18.10
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappactive_iq_unified_managerMatch-windows
OR
netappaltavaultMatch-
OR
netappcloud_backupMatch-
OR
netappclustered_data_ontap_antivirus_connectorMatch-
OR
netappelement_softwareMatch-
OR
netapphci_management_nodeMatch-
OR
netapphyper_converged_infrastructureMatch-
OR
netapponcommand_insightMatch-
OR
netapponcommand_unified_managerMatch-
OR
netapponcommand_unified_managerMatch-vsphere
OR
netapponcommand_unified_manager_core_packageMatch-
OR
netapponcommand_workflow_automationMatch-
OR
netappontap_select_deployMatch-
OR
netappontap_select_deploy_administration_utilityMatch-
OR
netappsantricity_smi-s_providerMatch-
OR
netappservice_processorMatch-
OR
netappsmi-s_providerMatch-
OR
netappsnapcenterMatch-
OR
netappsnapdriveMatch-unix
OR
netappsnapdriveMatch-windows
OR
netappsnapprotectMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
netappstorage_automation_storeMatch-
OR
netappstoragegridRange9.0.09.0.4
OR
netappstoragegridMatch-
OR
netapphci_compute_nodeMatch-
Node
f5big-ip_access_policy_managerRange12.1.012.1.5
OR
f5big-ip_access_policy_managerRange13.0.013.1.3
OR
f5big-ip_access_policy_managerRange14.0.014.1.2
OR
f5big-ip_access_policy_managerRange15.0.015.1.0
OR
f5big-ip_advanced_firewall_managerRange12.1.012.1.5
OR
f5big-ip_advanced_firewall_managerRange13.0.013.1.3
OR
f5big-ip_advanced_firewall_managerRange14.0.014.1.2
OR
f5big-ip_advanced_firewall_managerRange15.0.015.1.0
OR
f5big-ip_analyticsRange12.1.012.1.5
OR
f5big-ip_analyticsRange13.0.013.1.3
OR
f5big-ip_analyticsRange14.0.014.1.2
OR
f5big-ip_analyticsRange15.0.015.1.0
OR
f5big-ip_application_acceleration_managerRange12.1.012.1.5
OR
f5big-ip_application_acceleration_managerRange13.0.013.1.3
OR
f5big-ip_application_acceleration_managerRange14.0.014.1.2
OR
f5big-ip_application_acceleration_managerRange15.0.015.1.0
OR
f5big-ip_application_security_managerRange12.1.012.1.5
OR
f5big-ip_application_security_managerRange13.0.013.1.3
OR
f5big-ip_application_security_managerRange14.0.014.1.2
OR
f5big-ip_application_security_managerRange15.0.015.1.0
OR
f5big-ip_domain_name_systemRange12.1.012.1.5
OR
f5big-ip_domain_name_systemRange13.0.013.1.3
OR
f5big-ip_domain_name_systemRange14.0.014.1.2
OR
f5big-ip_domain_name_systemRange15.0.015.1.0
OR
f5big-ip_edge_gatewayRange12.1.012.1.5
OR
f5big-ip_edge_gatewayRange13.0.013.1.3
OR
f5big-ip_edge_gatewayRange14.0.014.1.2
OR
f5big-ip_edge_gatewayRange15.0.015.1.0
OR
f5big-ip_fraud_protection_serviceRange12.1.012.1.5
OR
f5big-ip_fraud_protection_serviceRange13.0.013.1.3
OR
f5big-ip_fraud_protection_serviceRange14.0.014.1.2
OR
f5big-ip_fraud_protection_serviceRange15.0.015.1.0
OR
f5big-ip_global_traffic_managerRange12.1.012.1.5
OR
f5big-ip_global_traffic_managerRange13.0.013.1.3
OR
f5big-ip_global_traffic_managerRange14.0.014.1.2
OR
f5big-ip_global_traffic_managerRange15.0.015.1.0
OR
f5big-ip_link_controllerRange12.1.012.1.5
OR
f5big-ip_link_controllerRange13.0.013.1.3
OR
f5big-ip_link_controllerRange14.0.014.1.2
OR
f5big-ip_link_controllerRange15.0.015.1.0
OR
f5big-ip_local_traffic_managerRange12.1.012.1.5
OR
f5big-ip_local_traffic_managerRange13.0.013.1.3
OR
f5big-ip_local_traffic_managerRange14.0.014.1.2
OR
f5big-ip_local_traffic_managerRange15.0.015.1.0
OR
f5big-ip_policy_enforcement_managerRange12.1.012.1.5
OR
f5big-ip_policy_enforcement_managerRange13.0.013.1.3
OR
f5big-ip_policy_enforcement_managerRange14.0.014.1.2
OR
f5big-ip_policy_enforcement_managerRange15.0.015.1.0
OR
f5big-ip_webacceleratorRange12.1.012.1.5
OR
f5big-ip_webacceleratorRange13.0.013.1.3
OR
f5big-ip_webacceleratorRange14.0.014.1.2
OR
f5big-ip_webacceleratorRange15.0.015.1.0
OR
f5big-iq_centralized_managementRange6.0.06.1.0
OR
f5big-iq_centralized_managementRange7.0.07.1.0
OR
f5traffix_signaling_delivery_controllerRange5.0.05.1.0
OR
f5traffix_signaling_delivery_controllerMatch4.4.0
Node
tenablenessusRange8.2.3
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
OR
opensuseleapMatch42.3
Node
netappcn1610_firmwareMatch-
AND
netappcn1610Match-
Node
netappa320_firmwareMatch-
AND
netappa320Match-
Node
netappc190_firmwareMatch-
AND
netappc190Match-
Node
netappa220_firmwareMatch-
AND
netappa220Match-
Node
netappfas2720_firmwareMatch-
AND
netappfas2720Match-
Node
netappfas2750_firmwareMatch-
AND
netappfas2750Match-
Node
netappa800_firmwareMatch-
AND
netappa800Match-
Node
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30
OR
fedoraprojectfedoraMatch31
Node
mcafeeagentRange5.6.05.6.4
OR
mcafeedata_exchange_layerRange4.0.06.0.0
OR
mcafeethreat_intelligence_exchange_serverRange2.0.03.0.0
OR
mcafeeweb_gatewayRange7.0.09.0.0
Node
redhatjboss_enterprise_web_serverMatch5.0.0
AND
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch8.0
Node
redhatvirtualizationMatch4.0
OR
redhatvirtualization_hostMatch4.0
AND
redhatenterprise_linuxMatch7.0
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
oracleapi_gatewayMatch11.1.2.4.0
OR
oraclebusiness_intelligenceMatch11.1.1.9.0enterprise
OR
oraclebusiness_intelligenceMatch12.2.1.3.0enterprise
OR
oraclebusiness_intelligenceMatch12.2.1.4.0enterprise
OR
oraclecommunications_diameter_signaling_routerMatch8.0.0
OR
oraclecommunications_diameter_signaling_routerMatch8.1
OR
oraclecommunications_diameter_signaling_routerMatch8.2
OR
oraclecommunications_diameter_signaling_routerMatch8.3
OR
oraclecommunications_diameter_signaling_routerMatch8.4
OR
oraclecommunications_performance_intelligence_centerMatch10.4.0.2
OR
oraclecommunications_session_border_controllerMatch7.4
OR
oraclecommunications_session_border_controllerMatch8.0.0
OR
oraclecommunications_session_border_controllerMatch8.1.0
OR
oraclecommunications_session_border_controllerMatch8.2
OR
oraclecommunications_session_border_controllerMatch8.3
OR
oraclecommunications_session_routerMatch7.4
OR
oraclecommunications_session_routerMatch8.0
OR
oraclecommunications_session_routerMatch8.1
OR
oraclecommunications_session_routerMatch8.2
OR
oraclecommunications_session_routerMatch8.3
OR
oraclecommunications_unified_session_managerMatch7.3.5
OR
oraclecommunications_unified_session_managerMatch8.2.5
OR
oracleendeca_serverMatch7.7.0
OR
oracleenterprise_manager_base_platformMatch12.1.0.5.0
OR
oracleenterprise_manager_base_platformMatch13.2.0.0.0
OR
oracleenterprise_manager_base_platformMatch13.3.0.0.0
OR
oracleenterprise_manager_ops_centerMatch12.3.3
OR
oracleenterprise_manager_ops_centerMatch12.4.0
OR
oraclejd_edwards_enterpriseone_toolsMatch9.2
OR
oraclejd_edwards_world_securityMatcha9.3
OR
oraclejd_edwards_world_securityMatcha9.3.1
OR
oraclejd_edwards_world_securityMatcha9.4
OR
oraclemysqlRange5.6.05.6.43
OR
oraclemysqlRange5.7.05.7.25
OR
oraclemysqlRange8.0.08.0.15
OR
oraclemysql_enterprise_monitorRange4.0.8
OR
oraclemysql_enterprise_monitorRange8.0.08.0.14
OR
oraclemysql_workbenchRange8.0.16
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.55
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.56
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.57
OR
oraclesecure_global_desktopMatch5.4
OR
oracleservices_tools_bundleMatch19.2
Node
paloaltonetworkspan-osRange7.1.07.1.15
OR
paloaltonetworkspan-osRange8.0.08.0.20
OR
paloaltonetworkspan-osRange8.1.08.1.8
OR
paloaltonetworkspan-osRange9.0.09.0.2
Node
nodejsnode.jsRange6.0.06.8.1-
OR
nodejsnode.jsRange6.9.06.17.0lts
OR
nodejsnode.jsRange8.0.08.8.1-
OR
nodejsnode.jsRange8.9.08.15.1lts

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.01

Percentile

83.8%