Splunk Enterprise 5.0.x < 5.0.11 Multiple Vulnerabilities (POODLE)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server contains an application that is affected by
multiple vulnerabilities.

Description :

According to its version number, the Splunk Enterprise hosted on the
remote web server is 5.0.x prior to 5.0.11. It is, therefore, affected
by the following vulnerabilities :

- A man-in-the-middle (MitM) information disclosure
vulnerability, known as POODLE, exists due to the way
SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining
(CBC) mode. A MitM attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.
(CVE-2014-3566)

- A flaw exists in the included OpenSSL library due to
handling session tickets that have not been properly
verified for integrity. A remote attacker, by using a
large number of invalid session tickets, can exploit
this to cause a denial of service. (CVE-2014-3567)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.splunk.com/view/SP-CAAANST
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Splunk Enterprise 5.0.11 or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.2
(CVSS2#E:U/RL:TF/RC:UR)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 79721 ()

Bugtraq ID: 70574
70586

CVE ID: CVE-2014-3566
CVE-2014-3567

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now