CVE-2019-1559

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.openssl.org/news/secadv/20190226.txt", "name": "https://www.openssl.org/news/secadv/20190226.txt", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://usn.ubuntu.com/3899-1/", "name": "USN-3899-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/bid/107174", "name": "107174", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://www.debian.org/security/2019/dsa-4400", "name": "DSA-4400", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.netapp.com/advisory/ntap-20190301-0002/", "name": "https://security.netapp.com/advisory/ntap-20190301-0002/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.netapp.com/advisory/ntap-20190301-0001/", "name": "https://security.netapp.com/advisory/ntap-20190301-0001/", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/201903-10", "name": "GLSA-201903-10", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "https://support.f5.com/csp/article/K18549143", "name": "https://support.f5.com/csp/article/K18549143", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.tenable.com/security/tns-2019-02", "name": "https://www.tenable.com/security/tns-2019-02", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "name": "openSUSE-SU-2019:1076", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", "name": "openSUSE-SU-2019:1105", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", "name": "openSUSE-SU-2019:1175", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "name": "openSUSE-SU-2019:1173", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "https://security.netapp.com/advisory/ntap-20190423-0002/", "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.tenable.com/security/tns-2019-03", "name": "https://www.tenable.com/security/tns-2019-03", "tags": [], "refsource": "CONFIRM"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", "name": "openSUSE-SU-2019:1432", "tags": [], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", "name": "openSUSE-SU-2019:1637", "tags": [], "refsource": "SUSE"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": [], "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2304", "name": "RHSA-2019:2304", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2437", "name": "RHSA-2019:2437", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2439", "name": "RHSA-2019:2439", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2471", "name": "RHSA-2019:2471", "tags": [], "refsource": "REDHAT"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", "name": "FEDORA-2019-db06efdea1", "tags": [], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "name": "FEDORA-2019-00c25b9379", "tags": [], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", "name": "FEDORA-2019-9a0a7c0986", "tags": [], "refsource": "FEDORA"}, {"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", "tags": [], "refsource": "CONFIRM"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": [], "refsource": "MISC"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3929", "name": "RHSA-2019:3929", "tags": [], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3931", "name": "RHSA-2019:3931", "tags": [], "refsource": "REDHAT"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": [], "refsource": "MISC"}, {"url": "https://usn.ubuntu.com/4376-2/", "name": "USN-4376-2", "tags": [], "refsource": "UBUNTU"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-203"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1559", "ASSIGNER": "openssl-security@openssl.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}}, "publishedDate": "2019-02-27T23:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.2q", "versionStartIncluding": "1.0.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.0.4", "versionStartIncluding": "9.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0"}, {"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.2.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-01-20T15:15Z"}