IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by multiple
vulnerabilities.

Description :

The remote host has a version of IBM Rational ClearQuest 7.1.x prior
to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6
installed. It is, therefore, potentially affected by multiple
vulnerabilities in third party libraries :

- An error exists in the libcURL and OpenSSL libraries
related to an IP address that uses a wildcard in the
subject's Common Name (CN) field of an X.509
certificate. A man-in-the-middle attacker can exploit
this issue to spoof SSL servers. (CVE-2014-0139)

- An error exists in the OpenSSL library related to
'ec point format extension' handling and multithreaded
clients that allows freed memory to be overwritten
during a resumed session. (CVE-2014-3509)

- An error exists in the OpenSSL library related to
handling fragmented 'ClientHello' messages that allow a
man-in-the-middle attacker to force usage of TLS 1.0
regardless of higher protocol levels being supported by
both the server and the client. (CVE-2014-3511)

- A man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due
to the way SSL 3.0 handles padding bytes when decrypting
messages encrypted using block ciphers in cipher block
chaining (CBC) mode. MitM attackers can decrypt a
selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0
connections. (CVE-2014-3566)

- An information disclosure flaw exists in the Java
library within the
'share/classes/sun/security/rsa/RSACore.java' class
related to 'RSA blinding' caused during operations using
private keys and measuring timing differences. This
allows a remote attacker to gain information about used
keys. (CVE-2014-4244)

- A flaw exists in the Java library within the
'validateDHPublicKey' function in the
'share/classes/sun/security/util/KeyUtil.java' class
which is triggered during the validation of
Diffie-Hellman public key parameters. This allows a
remote attacker to recover a key. (CVE-2014-4263)

- A NULL pointer dereference error exists in the OpenSSL
library related to handling Secure Remote Password
protocol (SRP) that allows a malicious server to crash a
client, resulting in a denial of service.
(CVE-2014-5139)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21692062
http://www-01.ibm.com/support/docview.wss?uid=swg21687405
http://www-01.ibm.com/support/docview.wss?uid=swg21677290
http://www-01.ibm.com/support/docview.wss?uid=swg21692139
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to IBM Rational ClearQuest 7.1.2.16 / 8.0.0.13 / 8.0.1.6 or
later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now