Detections
Analytics
IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)
low Nessus Plugin ID 81784
Language:
Synopsis
The remote host has software installed that is affected by multiple vulnerabilities.Description
The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries :- An error exists in the libcURL and OpenSSL libraries related to an IP address that uses a wildcard in the subject's Common Name (CN) field of an X.509 certificate. A man-in-the-middle attacker can exploit this issue to spoof SSL servers. (CVE-2014-0139)
- An error exists in the OpenSSL library related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509)
- An error exists in the OpenSSL library related to handling fragmented 'ClientHello' messages that allow a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511)
- A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
- An information disclosure flaw exists in the Java library within the 'share/classes/sun/security/rsa/RSACore.java' class related to 'RSA blinding' caused during operations using private keys and measuring timing differences. This allows a remote attacker to gain information about used keys. (CVE-2014-4244)
- A flaw exists in the Java library within the 'validateDHPublicKey' function in the 'share/classes/sun/security/util/KeyUtil.java' class which is triggered during the validation of Diffie-Hellman public key parameters. This allows a remote attacker to recover a key. (CVE-2014-4263)
- A NULL pointer dereference error exists in the OpenSSL library related to handling Secure Remote Password protocol (SRP) that allows a malicious server to crash a client, resulting in a denial of service.
(CVE-2014-5139)
Solution
Upgrade to IBM Rational ClearQuest 7.1.2.16 / 8.0.0.13 / 8.0.1.6 or later.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg21677290
http://www-01.ibm.com/support/docview.wss?uid=swg21692139
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Plugin Details
Severity: Low
ID: 81784
File Name: ibm_rational_clearquest_8_0_1_6.nasl
Version: 1.9
Type: local
Agent: windows
Family: Windows
Published: 3/12/2015
Updated: 6/23/2023
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2014-3509
CVSS v3
Risk Factor: Low
Base Score: 3.4
Temporal Score: 3.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2014-3566
Vulnerability Information
CPE: cpe:/a:ibm:rational_clearquest
Required KB Items: installed_sw/IBM Rational ClearQuest, Settings/ParanoidReport
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/10/2014
Vulnerability Publication Date: 4/15/2014
Reference Information
CVE: CVE-2014-0139, CVE-2014-3509, CVE-2014-3511, CVE-2014-3566, CVE-2014-4244, CVE-2014-4263, CVE-2014-5139
BID: 66458, 68624, 68636, 69077, 69079, 69084, 70574
CERT: 577193