Lucene search

K
symantecSymantec Security ResponseSMNTC-107174
HistoryFeb 26, 2019 - 12:00 a.m.

OpenSSL CVE-2019-1559 Information Disclosure Vulnerability

2019-02-2600:00:00
Symantec Security Response
www.symantec.com
33

0.01 Low

EPSS

Percentile

83.8%

Description

OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. OpenSSL 1.0.2 through 1.0.2q are vulnerable.

Technologies Affected

  • Bluecoat BCAAA 6.1
  • Bluecoat Mail Threat Defense 1.1
  • IBM AIX 7.1
  • IBM Aix 7.2
  • IBM DataPower Gateway 2018.4.1.0
  • IBM DataPower Gateway 2018.4.1.2
  • IBM DataPower Gateway 2018.4.1.5
  • IBM DataPower Gateway 2018.4.1.6
  • IBM DataPower Gateway 2018.4.1.8
  • IBM DataPower Gateway 7.6.0.0
  • IBM DataPower Gateway 7.6.0.10
  • IBM DataPower Gateway 7.6.0.11
  • IBM DataPower Gateway 7.6.0.12
  • IBM DataPower Gateway 7.6.0.14
  • IBM DataPower Gateway 7.6.0.15
  • IBM DataPower Gateway 7.6.0.17
  • IBM DataPower Gateway 7.6.0.3
  • IBM DataPower Gateway 7.6.0.8
  • IBM DataPower Gateway 7.6.0.9
  • IBM DataPower Gateways 7.6.0.0
  • IBM DataPower Gateways 7.6.0.1
  • IBM DataPower Gateways 7.6.0.5
  • IBM DataPower Gateways 7.6.0.6
  • IBM Vios 2.2.0
  • OpenSSL Project OpenSSL 1.0.2
  • OpenSSL Project OpenSSL 1.0.2a
  • OpenSSL Project OpenSSL 1.0.2b
  • OpenSSL Project OpenSSL 1.0.2c
  • OpenSSL Project OpenSSL 1.0.2d
  • OpenSSL Project OpenSSL 1.0.2e
  • OpenSSL Project OpenSSL 1.0.2f
  • OpenSSL Project OpenSSL 1.0.2g
  • OpenSSL Project OpenSSL 1.0.2h
  • OpenSSL Project OpenSSL 1.0.2i
  • OpenSSL Project OpenSSL 1.0.2j
  • OpenSSL Project OpenSSL 1.0.2k
  • OpenSSL Project OpenSSL 1.0.2l
  • OpenSSL Project OpenSSL 1.0.2m
  • OpenSSL Project OpenSSL 1.0.2n
  • OpenSSL Project OpenSSL 1.0.2o
  • OpenSSL Project OpenSSL 1.0.2p
  • OpenSSL Project OpenSSL 1.0.2q
  • Oracle Endeca Server 7.7.0
  • Oracle Enterprise Manager Base Platform 12.1.0.5.0
  • Oracle Enterprise Manager Base Platform 13.2.0.0.0
  • Oracle Enterprise Manager Base Platform 13.3.0.0.0
  • Oracle Enterprise Manager Ops Center 12.3.3
  • Oracle Enterprise Manager Ops Center 12.4.0
  • Oracle JD Edwards EnterpriseOne Tools 9.2
  • Oracle JD Edwards World Security A9.3
  • Oracle JD Edwards World Security A9.3.1
  • Oracle JD Edwards World Security A9.4
  • Oracle MySQL Connectors 5.3.10
  • Oracle MySQL Connectors 5.3.12
  • Oracle MySQL Connectors 5.3.7
  • Oracle MySQL Connectors 5.3.9
  • Oracle MySQL Connectors 8.0.11
  • Oracle MySQL Connectors 8.0.12
  • Oracle MySQL Connectors 8.0.13
  • Oracle MySQL Connectors 8.0.15
  • Oracle MySQL Server 5.6.15
  • Oracle MySQL Server 5.6.16
  • Oracle MySQL Server 5.6.20
  • Oracle MySQL Server 5.6.21
  • Oracle MySQL Server 5.6.22
  • Oracle MySQL Server 5.6.23
  • Oracle MySQL Server 5.6.24
  • Oracle MySQL Server 5.6.25
  • Oracle MySQL Server 5.6.26
  • Oracle MySQL Server 5.6.27
  • Oracle MySQL Server 5.6.28
  • Oracle MySQL Server 5.6.29
  • Oracle MySQL Server 5.6.30
  • Oracle MySQL Server 5.6.33
  • Oracle MySQL Server 5.6.34
  • Oracle MySQL Server 5.6.35
  • Oracle MySQL Server 5.6.36
  • Oracle MySQL Server 5.6.37
  • Oracle MySQL Server 5.6.38
  • Oracle MySQL Server 5.6.39
  • Oracle MySQL Server 5.6.40
  • Oracle MySQL Server 5.6.41
  • Oracle MySQL Server 5.6.42
  • Oracle MySQL Server 5.6.43
  • Oracle MySQL Server 5.7.0
  • Oracle MySQL Server 5.7.12
  • Oracle MySQL Server 5.7.15
  • Oracle MySQL Server 5.7.16
  • Oracle MySQL Server 5.7.17
  • Oracle MySQL Server 5.7.18
  • Oracle MySQL Server 5.7.19
  • Oracle MySQL Server 5.7.20
  • Oracle MySQL Server 5.7.21
  • Oracle MySQL Server 5.7.22
  • Oracle MySQL Server 5.7.23
  • Oracle MySQL Server 5.7.24
  • Oracle MySQL Server 5.7.25
  • Oracle MySQL Server 8.0.11
  • Oracle MySQL Server 8.0.12
  • Oracle MySQL Server 8.0.13
  • Oracle MySQL Server 8.0.14
  • Oracle MySQL Server 8.0.15
  • Oracle MySQL Workbench 6.1.4
  • Oracle MySQL Workbench 6.1.5
  • Oracle MySQL Workbench 6.3.10
  • Oracle MySQL Workbench 6.3.8
  • Oracle MySQL Workbench 8.0.11
  • Oracle MySQL Workbench 8.0.13
  • Oracle MySQL Workbench 8.0.16
  • Oracle PeopleSoft Enterprise PeopleTools 8.55
  • Oracle PeopleSoft Enterprise PeopleTools 8.56
  • Oracle PeopleSoft Enterprise PeopleTools 8.57
  • Oracle Secure Global Desktop 5.4
  • Oracle Services Tools Bundle 19.2
  • Oracle Solaris 10
  • Oracle Solaris 11.3
  • Oracle Solaris 11.4
  • Symantec Content Analysis 2.3
  • Symantec Content Analysis 2.4
  • Symantec Malware Analysis 4.2
  • Symantec Management Center 2.2
  • Symantec Management Center 2.3
  • Symantec PacketShaper 9.2
  • Symantec PolicyCenter 9.2
  • Symantec Reporter 10.3
  • Symantec Reporter 10.4
  • Symantec Security Analytics 7.2
  • Symantec Security Analytics 7.3
  • Symantec Security Analytics 8.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isnโ€™t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Updates are available. Please see the references or vendor advisory for more information.