Executive Summary

Information

Name: CVE-2019-1559
First vendor Publication: 2019-02-27
Vendor: Cve
Last vendor Modification: 2019-05-21

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
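The affected range stated above can be turned into a fleet triage check. This is an added example, not code from this record or from the OpenSSL project; the host names and sample banners are constructed. It compares upstream version strings only, and distribution packages may backport the fix without changing the patch letter, so an "affected" result means the vendor erratum still has to be checked.

```python
import re

# Upstream range from the advisory text above: 1.0.2 through 1.0.2q affected,
# fixed in 1.0.2r. Other branches are outside what this record states.
BRANCH = (1, 0, 2)
FIRST_FIXED = "r"
_BANNER = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _rank(letters):
    # Patch letters order as "" < "a" < ... < "z" < "za" < "zb" ...
    return (len(letters), letters)


def classify(banner):
    """Classify one `openssl version` banner against the stated range."""
    text = banner.strip()
    m = _BANNER.match(text)
    if not m:
        return "unparsed"            # e.g. a non-OpenSSL library banner
    if tuple(int(x) for x in m.group(1, 2, 3)) != BRANCH:
        return "other-branch"
    if re.match(r"-(beta|pre|dev)", text[m.end():]):
        return "prerelease"          # not covered by the stated range
    return "affected" if _rank(m.group(4)) < _rank(FIRST_FIXED) else "fixed"


def triage(inventory):
    """Map host -> banner into {status: [hosts]}, hosts sorted."""
    result = {}
    for host, banner in sorted(inventory.items()):
        result.setdefault(classify(banner), []).append(host)
    return result


# Constructed sample inventory (hypothetical host names, typical banner shapes).
SAMPLE = {
    "web01": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "web02": "OpenSSL 1.0.2r  26 Feb 2019",
    "db01": "OpenSSL 1.1.1b  26 Feb 2019",
    "lb01": "OpenSSL 1.0.2  22 Jan 2015",
    "old01": "LibreSSL 2.8.3",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```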

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559

CWE : Common Weakness Enumeration

%: 100 %
id: CWE-200
Name: Information Exposure


Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/107174
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c576...
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10282
CONFIRM https://security.netapp.com/advisory/ntap-20190301-0001/
CONFIRM https://security.netapp.com/advisory/ntap-20190301-0002/
CONFIRM https://security.netapp.com/advisory/ntap-20190423-0002/
CONFIRM https://support.f5.com/csp/article/K18549143
CONFIRM https://www.openssl.org/news/secadv/20190226.txt
CONFIRM https://www.tenable.com/security/tns-2019-02
CONFIRM https://www.tenable.com/security/tns-2019-03
DEBIAN https://www.debian.org/security/2019/dsa-4400
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
GENTOO https://security.gentoo.org/glsa/201903-10
MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2304
REDHAT https://access.redhat.com/errata/RHSA-2019:2437
REDHAT https://access.redhat.com/errata/RHSA-2019:2439
REDHAT https://access.redhat.com/errata/RHSA-2019:2471
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
UBUNTU https://usn.ubuntu.com/3899-1/

Alert History

Date / Information
2019-09-21 12:05:03
  • Multiple Updates
2019-08-14 12:10:38
  • Multiple Updates
2019-08-13 12:07:20
  • Multiple Updates
2019-08-07 12:10:33
  • Multiple Updates
2019-07-30 12:10:56
  • Multiple Updates
2019-07-24 12:05:10
  • Multiple Updates
2019-07-06 12:03:18
  • Multiple Updates
2019-07-03 12:10:25
  • Multiple Updates
2019-06-28 12:09:57
  • Multiple Updates
2019-05-22 09:19:12
  • Multiple Updates
2019-05-15 13:19:12
  • Multiple Updates
2019-05-15 09:19:21
  • Multiple Updates
2019-04-25 17:19:08
  • Multiple Updates
2019-04-24 05:19:00
  • Multiple Updates
2019-04-24 00:18:57
  • Multiple Updates
2019-04-23 13:19:14
  • Multiple Updates
2019-04-08 21:19:42
  • Multiple Updates
2019-04-03 00:19:16
  • Multiple Updates
2019-03-29 09:19:03
  • Multiple Updates
2019-03-29 05:19:32
  • Multiple Updates
2019-03-27 09:19:17
  • Multiple Updates
2019-03-21 21:19:22
  • Multiple Updates
2019-03-18 17:19:30
  • Multiple Updates
2019-03-14 13:19:45
  • Multiple Updates
2019-03-08 17:18:40
  • Multiple Updates
2019-03-04 21:19:44
  • Multiple Updates
2019-03-04 17:18:59
  • Multiple Updates
2019-03-02 17:18:59
  • Multiple Updates
2019-03-02 00:18:19
  • Multiple Updates
2019-03-01 17:19:00
  • Multiple Updates
2019-03-01 00:19:08
  • Multiple Updates
2019-02-28 21:19:29
  • Multiple Updates
2019-02-28 17:19:06
  • Multiple Updates
2019-02-28 05:18:55
  • First insertion