Vulnerability-Lookup

BDU:2019-00985

Vulnerability from fstec - Published: 27.02.2019

Title

Уязвимость функции SSL_shutdown средства криптографической защиты OpenSSL, позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость функции SSL_shutdown() средства криптографической защиты OpenSSL связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

ООО «РусБИТех-Астра», Oracle Corp., Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc., Siemens AG, OpenSSL Software Foundation, ООО «Ред Софт», ООО «Открытая мобильная платформа»

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), API Gateway, Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap, Enterprise Manager Ops Center, JD Edwards EnterpriseOne Tools, PeopleSoft Enterprise PeopleTools, SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP, OpenSSL, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Red Hat Virtualization, Suse Linux Enterprise Server, Business Intelligence Enterprise Edition, Oracle Secure Global Desktop, Enterprise Manager Base Platform, SUSE Linux Enterprise Module for Web Scripting, Endeca Server, Enterprise Communications Broker, JD Edwards World Security, SUSE Linux Enterprise Point of Sale, SUSE CaaS Platform, SUSE Linux Enterprise Module for Legacy Software, SUSE OpenStack Cloud Crowbar, MySQL Connectors, MySQL Server, MySQL Enterprise Monitor, OpenStack Cloud Magnum Orchestration, Jboss Web Server, Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2, Fujitsu M12-2S, РЕД ОС (запись в едином реестре российских программ №3751), Sun ZFS Storage Appliance Kit, Oracle Communications Session Border Controller, Oracle Enterprise Session Border Controller, Communications Unified Session Manager, Oracle Communications Session Router, Communications Diameter Signaling Router, MySQL Workbench, Services Tools Bundle, Communications Performance Intelligence Center (PIC) Software, ОС Аврора (запись в едином реестре российских программ №1543)

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 11.1.2.4.0 (API Gateway), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 12.3.3 (Enterprise Manager Ops Center), 9.2 (JD Edwards EnterpriseOne Tools), 18.10 (Ubuntu), 8.55 (PeopleSoft Enterprise PeopleTools), 8.56 (PeopleSoft Enterprise PeopleTools), 8.57 (PeopleSoft Enterprise PeopleTools), V2.6.0 (SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP), от 1.0.2 до 1.0.2q включительно (OpenSSL), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 4 (Red Hat Virtualization), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11.1.1.9.0 (Business Intelligence Enterprise Edition), 12.2.1.3.0 (Business Intelligence Enterprise Edition), 12.2.1.4.0 (Business Intelligence Enterprise Edition), 5.4 (Oracle Secure Global Desktop), 13.2.0.0.0 (Enterprise Manager Base Platform), 13.3.0.0.0 (Enterprise Manager Base Platform), 12.1.0.5.0 (Enterprise Manager Base Platform), 12 (SUSE Linux Enterprise Module for Web Scripting), 7.7.0 (Endeca Server), PCz3.0 (Enterprise Communications Broker), A9.3 (JD Edwards World Security), A9.3.1 (JD Edwards World Security), A9.4 (JD Edwards World Security), 15.0 (OpenSUSE Leap), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), - (SUSE CaaS Platform), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 11 SP4-LTSS (Suse Linux Enterprise Server), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 8 (SUSE OpenStack Cloud Crowbar), 8 (Debian GNU/Linux), до 5.3.12 включительно (MySQL Connectors), до 8.0.15 включительно (MySQL Connectors), до 5.6.43 включительно (MySQL Server), до 5.7.25 включительно (MySQL Server), до 8.0.15 включительно (MySQL Server), до 4.0.8 включительно (MySQL Enterprise Monitor), до 8.0.14 включительно (MySQL Enterprise Monitor), 12.4.0 (Enterprise Manager Ops Center), 7 (OpenStack Cloud Magnum Orchestration), 12 (SUSE Linux Enterprise Module for Legacy Software), 11-SECURITY (Suse Linux Enterprise Server), 11-SECURITY (SUSE Linux Enterprise Server for SAP Applications), 5.0 (Jboss Web Server), до XCP2361 (Fujitsu M10-1), до XCP3070 (Fujitsu M10-1), до XCP2361 (Fujitsu M10-4), до XCP3070 (Fujitsu M10-4), до XCP2361 (Fujitsu M10-4S), до XCP3070 (Fujitsu M10-4S), до XCP2361 (Fujitsu M12-1), до XCP3070 (Fujitsu M12-1), до XCP3070 (Fujitsu M12-2), до XCP2361 (Fujitsu M12-2), до XCP2361 (Fujitsu M12-2S), до XCP3070 (Fujitsu M12-2S), до 7.2 Муром (РЕД ОС), 8.8.6 (Sun ZFS Storage Appliance Kit), PCz3.1 (Enterprise Communications Broker), PCz3.2 (Enterprise Communications Broker), 8.0 (Oracle Communications Session Border Controller), 8.1 (Oracle Communications Session Border Controller), 8.2 (Oracle Communications Session Border Controller), 8.3 (Oracle Communications Session Border Controller), 7.5 (Oracle Enterprise Session Border Controller), 8.0 (Oracle Enterprise Session Border Controller), 8.1 (Oracle Enterprise Session Border Controller), 8.2 (Oracle Enterprise Session Border Controller), 8.3 (Oracle Enterprise Session Border Controller), 7.3.5 (Communications Unified Session Manager), 8.2.5 (Communications Unified Session Manager), 7.4 (Oracle Communications Session Router), 8.0 (Oracle Communications Session Router), 8.1 (Oracle Communications Session Router), 8.2 (Oracle Communications Session Router), 8.3 (Oracle Communications Session Router), 7.4 (Oracle Communications Session Border Controller), 8.0 (Communications Diameter Signaling Router), 8.1 (Communications Diameter Signaling Router), 8.2 (Communications Diameter Signaling Router), 8.3 (Communications Diameter Signaling Router), 8.4 (Communications Diameter Signaling Router), до 8.0.16 включительно (MySQL Workbench), 19.2 (Services Tools Bundle), 5.2 on RHEL 6 (Jboss Web Server), 5.2 on RHEL 7 (Jboss Web Server), 5.2 on RHEL 8 (Jboss Web Server), 10.4.0.2 (Communications Performance Intelligence Center (PIC) Software), до 3.2.3.31 (ОС Аврора)

Possible Mitigations

Использование рекомендаций: https://usn.ubuntu.com/3899-1/ https://www.openssl.org/news/secadv/20190226.txt Для ОС Astra Linux 1.6 «Смоленск»: обновить пакет openssl1.0 до 1.0.2s-1~deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186

Reference

https://usn.ubuntu.com/3899-1/ https://www.securityfocus.com/bid/107174 https://www.openssl.org/news/secadv/20190226.txt https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Oracle Corp., Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Siemens AG, OpenSSL Software Foundation, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 11.1.2.4.0 (API Gateway), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 12.3.3 (Enterprise Manager Ops Center), 9.2 (JD Edwards EnterpriseOne Tools), 18.10 (Ubuntu), 8.55 (PeopleSoft Enterprise PeopleTools), 8.56 (PeopleSoft Enterprise PeopleTools), 8.57 (PeopleSoft Enterprise PeopleTools), V2.6.0 (SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP), \u043e\u0442 1.0.2 \u0434\u043e 1.0.2q \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (OpenSSL), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 4 (Red Hat Virtualization), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11.1.1.9.0 (Business Intelligence Enterprise Edition), 12.2.1.3.0 (Business Intelligence Enterprise Edition), 12.2.1.4.0 (Business Intelligence Enterprise Edition), 5.4 (Oracle Secure Global Desktop), 13.2.0.0.0 (Enterprise Manager Base Platform), 13.3.0.0.0 (Enterprise Manager Base Platform), 12.1.0.5.0 (Enterprise Manager Base Platform), 12 (SUSE Linux Enterprise Module for Web Scripting), 7.7.0 (Endeca Server), PCz3.0 (Enterprise Communications Broker), A9.3 (JD Edwards World Security), A9.3.1 (JD Edwards World Security), A9.4 (JD Edwards World Security), 15.0 (OpenSUSE Leap), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), - (SUSE CaaS Platform), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 11 SP4-LTSS (Suse Linux Enterprise Server), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 8 (SUSE OpenStack Cloud Crowbar), 8 (Debian GNU/Linux), \u0434\u043e 5.3.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Connectors), \u0434\u043e 8.0.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Connectors), \u0434\u043e 5.6.43 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 5.7.25 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 8.0.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 4.0.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), \u0434\u043e 8.0.14 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Enterprise Monitor), 12.4.0 (Enterprise Manager Ops Center), 7 (OpenStack Cloud Magnum Orchestration), 12 (SUSE Linux Enterprise Module for Legacy Software), 11-SECURITY (Suse Linux Enterprise Server), 11-SECURITY (SUSE Linux Enterprise Server for SAP Applications), 5.0 (Jboss Web Server), \u0434\u043e XCP2361 (Fujitsu M10-1), \u0434\u043e XCP3070 (Fujitsu M10-1), \u0434\u043e XCP2361 (Fujitsu M10-4), \u0434\u043e XCP3070 (Fujitsu M10-4), \u0434\u043e XCP2361 (Fujitsu M10-4S), \u0434\u043e XCP3070 (Fujitsu M10-4S), \u0434\u043e XCP2361 (Fujitsu M12-1), \u0434\u043e XCP3070 (Fujitsu M12-1), \u0434\u043e XCP3070 (Fujitsu M12-2), \u0434\u043e XCP2361 (Fujitsu M12-2), \u0434\u043e XCP2361 (Fujitsu M12-2S), \u0434\u043e XCP3070 (Fujitsu M12-2S), \u0434\u043e 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.8.6 (Sun ZFS Storage Appliance Kit), PCz3.1 (Enterprise Communications Broker), PCz3.2 (Enterprise Communications Broker), 8.0 (Oracle Communications Session Border Controller), 8.1 (Oracle Communications Session Border Controller), 8.2 (Oracle Communications Session Border Controller), 8.3 (Oracle Communications Session Border Controller), 7.5 (Oracle Enterprise Session Border Controller), 8.0 (Oracle Enterprise Session Border Controller), 8.1 (Oracle Enterprise Session Border Controller), 8.2 (Oracle Enterprise Session Border Controller), 8.3 (Oracle Enterprise Session Border Controller), 7.3.5 (Communications Unified Session Manager), 8.2.5 (Communications Unified Session Manager), 7.4 (Oracle Communications Session Router), 8.0 (Oracle Communications Session Router), 8.1 (Oracle Communications Session Router), 8.2 (Oracle Communications Session Router), 8.3 (Oracle Communications Session Router), 7.4 (Oracle Communications Session Border Controller), 8.0 (Communications Diameter Signaling Router), 8.1 (Communications Diameter Signaling Router), 8.2 (Communications Diameter Signaling Router), 8.3 (Communications Diameter Signaling Router), 8.4 (Communications Diameter Signaling Router), \u0434\u043e 8.0.16 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Workbench), 19.2 (Services Tools Bundle), 5.2 on RHEL 6 (Jboss Web Server), 5.2 on RHEL 7 (Jboss Web Server), 5.2 on RHEL 8 (Jboss Web Server), 10.4.0.2 (Communications Performance Intelligence Center (PIC) Software), \u0434\u043e 3.2.3.31 (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://usn.ubuntu.com/3899-1/\nhttps://www.openssl.org/news/secadv/20190226.txt\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 openssl1.0 \u0434\u043e 1.0.2s-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.02.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00985",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-1559",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), API Gateway, Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap, Enterprise Manager Ops Center, JD Edwards EnterpriseOne Tools, PeopleSoft Enterprise PeopleTools, SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP, OpenSSL, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Red Hat Virtualization, Suse Linux Enterprise Server, Business Intelligence Enterprise Edition, Oracle Secure Global Desktop, Enterprise Manager Base Platform, SUSE Linux Enterprise Module for Web Scripting, Endeca Server, Enterprise Communications Broker, JD Edwards World Security, SUSE Linux Enterprise Point of Sale, SUSE CaaS Platform, SUSE Linux Enterprise Module for Legacy Software, SUSE OpenStack Cloud Crowbar, MySQL Connectors, MySQL Server, MySQL Enterprise Monitor, OpenStack Cloud Magnum Orchestration, Jboss Web Server, Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2, Fujitsu M12-2S, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Sun ZFS Storage Appliance Kit, Oracle Communications Session Border Controller, Oracle Enterprise Session Border Controller, Communications Unified Session Manager, Oracle Communications Session Router, Communications Diameter Signaling Router, MySQL Workbench, Services Tools Bundle, Communications Performance Intelligence Center (PIC) Software, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. Suse Linux Enterprise Server 12-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12-LTSS , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. Suse Linux Enterprise Server 11-SECURITY , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11-SECURITY , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 \u0434\u043e 7.2 \u041c\u0443\u0440\u043e\u043c  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 3.2.3.31 INOI R7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 3.2.3.31 Aquarius CMP NS220 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 3.2.3.31 Byterg MVK-2020 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 3.2.3.31 F+ Life Tab Plus (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SSL_shutdown \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b  OpenSSL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 SSL_shutdown() \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b OpenSSL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://usn.ubuntu.com/3899-1/\nhttps://www.securityfocus.com/bid/107174\nhttps://www.openssl.org/news/secadv/20190226.txt\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0423\u0411\u0414, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}

CVE-2019-1559 (GCVE-0-2019-1559)

Vulnerability from cvelistv5 – Published: 2019-02-27 23:00 – Updated: 2024-09-17 04:20

Title

0-byte record padding oracle

Summary

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Severity ?

No CVSS data available.

CWE

Padding Oracle

Assigner

openssl

References

URL

Tags

	http://www.securityfocus.com/bid/107174	vdb-entryx_refsource_BID
	https://security.gentoo.org/glsa/201903-10	vendor-advisoryx_refsource_GENTOO
	https://usn.ubuntu.com/3899-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2019/dsa-4400	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:2304	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2439	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2437	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2471	vendor-advisoryx_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:3929	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3931	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://usn.ubuntu.com/4376-2/	vendor-advisoryx_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019030…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019030…	x_refsource_CONFIRM
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
	https://www.openssl.org/news/secadv/20190226.txt	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K18549143	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2019-02	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019042…	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2019-03	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K18549143?utm_…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Affected: Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)

Date Public ?

2019-02-26 00:00

Credits

Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107174"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "name": "USN-3899-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3899-1/"
          },
          {
            "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
          },
          {
            "name": "DSA-4400",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4400"
          },
          {
            "name": "openSUSE-SU-2019:1076",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2019:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2019:1173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
          },
          {
            "name": "openSUSE-SU-2019:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
          },
          {
            "name": "openSUSE-SU-2019:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
          },
          {
            "name": "openSUSE-SU-2019:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "RHSA-2019:2439",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2439"
          },
          {
            "name": "RHSA-2019:2437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2437"
          },
          {
            "name": "RHSA-2019:2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2471"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190226.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
        }
      ],
      "datePublic": "2019-02-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Padding Oracle",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:01.000Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "107174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107174"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "name": "USN-3899-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3899-1/"
        },
        {
          "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
        },
        {
          "name": "DSA-4400",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4400"
        },
        {
          "name": "openSUSE-SU-2019:1076",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2019:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2019:1173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
        },
        {
          "name": "openSUSE-SU-2019:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
        },
        {
          "name": "openSUSE-SU-2019:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
        },
        {
          "name": "openSUSE-SU-2019:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "RHSA-2019:2439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2439"
        },
        {
          "name": "RHSA-2019:2437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2437"
        },
        {
          "name": "RHSA-2019:2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2471"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190226.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "title": "0-byte record padding oracle",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-02-26",
          "ID": "CVE-2019-1559",
          "STATE": "PUBLIC",
          "TITLE": "0-byte record padding oracle"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Padding Oracle"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107174",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107174"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "USN-3899-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3899-1/"
            },
            {
              "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
            },
            {
              "name": "DSA-4400",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4400"
            },
            {
              "name": "openSUSE-SU-2019:1076",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2019:1105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2019:1173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
            },
            {
              "name": "openSUSE-SU-2019:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2019:1432",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
            },
            {
              "name": "openSUSE-SU-2019:1637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "RHSA-2019:2439",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2439"
            },
            {
              "name": "RHSA-2019:2437",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2437"
            },
            {
              "name": "RHSA-2019:2471",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2471"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "USN-4376-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-2/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190226.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190226.txt"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-02",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-02"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-03",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-03"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1559",
    "datePublished": "2019-02-27T23:00:00.000Z",
    "dateReserved": "2018-11-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:20:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-00985

CVE-2019-1559 (GCVE-0-2019-1559)

Tags

Sightings

Nomenclature