Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote web server has an application installed that is affected by
multiple vulnerabilities.

Description :

The version of Pivotal Web Server (formerly VMware vFabric Web Server)
installed on the remote host is version 5.x prior to 5.4.1. It is,
therefore, affected by multiple vulnerabilities in the bundled version
of OpenSSL :

- An error exists in the 'ssl3_read_bytes' function
that permits data to be injected into other sessions
or allows denial of service attacks. Note that this
issue is exploitable only if SSL_MODE_RELEASE_BUFFERS
is enabled. (CVE-2010-5298)

- An error exists in the 'do_ssl3_write' function that
permits a null pointer to be dereferenced, which could
allow denial of service attacks. Note that this issue
is exploitable only if SSL_MODE_RELEASE_BUFFERS is
enabled. (CVE-2014-0198)

- An error exists in the processing of ChangeCipherSpec
messages that allows the use of weak keying material.
This simplifies man-in-the-middle attacks.
(CVE-2014-0224)

- An error exists in the 'dtls1_get_message_fragment'
function related to anonymous ECDH cipher suites. This
could allow denial of service attacks. Note that this
issue only affects OpenSSL TLS clients. (CVE-2014-3470)

Note that Nessus did not actually test for these issues, but has
instead relied on the version in the server's banner.

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.nessus.org/u?80b8e207
http://www.pivotal.io/security/CVE-2014-0224
https://www.openssl.org/news/secadv/20140605.txt

Solution :

Upgrade to version 5.4.1 / 6.0 or later.

Alternatively, apply the vendor patch and restart the service.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 77389

Bugtraq ID: 66801
67193
67898
67899

CVE ID: CVE-2010-5298
CVE-2014-0198
CVE-2014-0224
CVE-2014-3470
