IBM Rational ClearQuest 7.1.x < 220.127.116.11 / 8.0.0.x < 18.104.22.168 / 8.0.1.x < 22.214.171.124 Multiple Vulnerabilities (credentialed check) (POODLE)
Medium Nessus Plugin ID 81784
SynopsisThe remote host has software installed that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of IBM Rational ClearQuest 7.1.x prior to 126.96.36.199 / 8.0.0.x prior to 188.8.131.52 / 8.0.1.x prior to 184.108.40.206 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries :
- An error exists in the libcURL and OpenSSL libraries related to an IP address that uses a wildcard in the subject's Common Name (CN) field of an X.509 certificate. A man-in-the-middle attacker can exploit this issue to spoof SSL servers. (CVE-2014-0139)
- An error exists in the OpenSSL library related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509)
- An error exists in the OpenSSL library related to handling fragmented 'ClientHello' messages that allow a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511)
- A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
- An information disclosure flaw exists in the Java library within the 'share/classes/sun/security/rsa/RSACore.java' class related to 'RSA blinding' caused during operations using private keys and measuring timing differences. This allows a remote attacker to gain information about used keys. (CVE-2014-4244)
- A flaw exists in the Java library within the 'validateDHPublicKey' function in the 'share/classes/sun/security/util/KeyUtil.java' class which is triggered during the validation of Diffie-Hellman public key parameters. This allows a remote attacker to recover a key. (CVE-2014-4263)
- A NULL pointer dereference error exists in the OpenSSL library related to handling Secure Remote Password protocol (SRP) that allows a malicious server to crash a client, resulting in a denial of service.
SolutionUpgrade to IBM Rational ClearQuest 220.127.116.11 / 18.104.22.168 / 22.214.171.124 or later.