Vulnerability identifier: #VU86
Vulnerability risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID:
CWE-ID:
CWE-300
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
HPE Service Manager
Client/Desktop applications /
Software for system administration
Oracle Solaris
Operating systems & Components /
Operating system
Oracle Directory Server Enterprise Edition
Server applications /
Other server solutions
Oracle GlassFish Server
Server applications /
Other server solutions
Oracle OpenSSO
Web applications /
Remote management & hosting panels
Oracle Traffic Director
Other software /
Other software solutions
Sun ONE/iPlanet Web Server
Server applications /
Web servers
SPARC Enterprise M3000
Hardware solutions /
Firmware
SPARC Enterprise M4000
Hardware solutions /
Firmware
SPARC Enterprise M5000
Hardware solutions /
Firmware
SPARC Enterprise M8000
Hardware solutions /
Firmware
SPARC Enterprise M9000
Hardware solutions /
Firmware
Oracle Secure Global Desktop
Client/Desktop applications /
Virtualization software
Vendor:
Hewlett Packard Enterprise Development LP
Oracle
Sun
Description
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.
The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information
Mitigation
Install upgrated versions at:
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05193083
Vulnerable software versions
HPE Service Manager: 9.30 - 9.40
Oracle Solaris: 10 - 11.3
Oracle Directory Server Enterprise Edition: 7.0 - 11.1.1.7.0
Oracle GlassFish Server: 2.1.1
Oracle OpenSSO: 3.0-0.7
Oracle Traffic Director: 11.1.1.7.0 - 11.1.1.9.0
Sun ONE/iPlanet Web Server: 4.0 - 7.0
SPARC Enterprise M3000: XCP 1117 - XCP 1118
SPARC Enterprise M4000: XCP 1118
SPARC Enterprise M5000: XCP 1117 - XCP 1118
SPARC Enterprise M8000: XCP 1117 - XCP 1118
SPARC Enterprise M9000: XCP 1117 - XCP 1118
Oracle Secure Global Desktop: 4.63 - 5.2
External links
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05193083
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.