Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2019-1559 | First vendor Publication | 2019-02-27 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 5.9 | ||
| Base Score | 5.9 | Environmental Score | 5.9 |
| impact SubScore | 3.6 | Temporal Score | 5.9 |
| Exploitabality Sub Score | 2.2 | ||
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | None | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-203 | Information Exposure Through Discrepancy |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 02:04:03 |
|
| 2024-02-01 12:17:17 |
|
| 2023-11-07 21:40:24 |
|
| 2023-09-30 01:52:10 |
|
| 2023-09-05 12:59:20 |
|
| 2023-09-05 01:16:58 |
|
| 2023-09-02 12:58:36 |
|
| 2023-09-02 01:17:15 |
|
| 2023-08-12 13:02:31 |
|
| 2023-08-12 01:16:33 |
|
| 2023-08-11 12:56:18 |
|
| 2023-08-11 01:17:02 |
|
| 2023-08-06 12:54:39 |
|
| 2023-08-06 01:16:28 |
|
| 2023-08-04 12:54:56 |
|
| 2023-08-04 01:16:38 |
|
| 2023-07-14 12:54:55 |
|
| 2023-07-14 01:16:34 |
|
| 2023-05-11 01:47:33 |
|
| 2023-03-29 01:56:16 |
|
| 2023-03-28 12:16:52 |
|
| 2023-03-04 01:48:24 |
|
| 2023-02-10 01:46:16 |
|
| 2023-02-08 01:46:31 |
|
| 2023-01-25 01:45:48 |
|
| 2022-10-11 12:49:03 |
|
| 2022-10-11 01:16:27 |
|
| 2022-08-19 17:27:43 |
|
| 2022-07-02 01:45:40 |
|
| 2022-07-01 01:52:28 |
|
| 2022-06-14 01:42:59 |
|
| 2022-05-13 01:42:08 |
|
| 2022-04-07 01:40:59 |
|
| 2022-03-24 21:23:18 |
|
| 2022-02-08 12:39:20 |
|
| 2022-02-03 12:39:09 |
|
| 2021-05-05 01:34:36 |
|
| 2021-05-04 13:32:06 |
|
| 2021-04-22 02:46:36 |
|
| 2021-01-20 21:23:18 |
|
| 2020-09-03 01:25:52 |
|
| 2020-07-22 21:23:04 |
|
| 2020-05-24 01:28:08 |
|
| 2020-05-23 02:25:29 |
|
| 2019-10-10 12:11:20 |
|
| 2019-09-26 12:11:14 |
|
| 2019-09-25 12:11:07 |
|
| 2019-09-21 12:05:03 |
|
| 2019-08-14 12:10:38 |
|
| 2019-08-13 12:07:20 |
|
| 2019-08-07 12:10:33 |
|
| 2019-07-30 12:10:56 |
|
| 2019-07-24 12:05:10 |
|
| 2019-07-06 12:03:18 |
|
| 2019-07-03 12:10:25 |
|
| 2019-06-28 12:09:57 |
|
| 2019-05-22 09:19:12 |
|
| 2019-05-15 13:19:12 |
|
| 2019-05-15 09:19:21 |
|
| 2019-04-25 17:19:08 |
|
| 2019-04-24 05:19:00 |
|
| 2019-04-24 00:18:57 |
|
| 2019-04-23 13:19:14 |
|
| 2019-04-08 21:19:42 |
|
| 2019-04-03 00:19:16 |
|
| 2019-03-29 09:19:03 |
|
| 2019-03-29 05:19:32 |
|
| 2019-03-27 09:19:17 |
|
| 2019-03-21 21:19:22 |
|
| 2019-03-18 17:19:30 |
|
| 2019-03-14 13:19:45 |
|
| 2019-03-08 17:18:40 |
|
| 2019-03-04 21:19:44 |
|
| 2019-03-04 17:18:59 |
|
| 2019-03-02 17:18:59 |
|
| 2019-03-02 00:18:19 |
|
| 2019-03-01 17:19:00 |
|
| 2019-03-01 00:19:08 |
|
| 2019-02-28 21:19:29 |
|
| 2019-02-28 17:19:06 |
|
| 2019-02-28 05:18:55 |
|
