#VU86 Man-in-the-middle attack in Sun products - CVE-2015-4000


| Updated: 2022-11-08

Vulnerability identifier: #VU86

Vulnerability risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2015-4000

CWE-ID: CWE-300

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
HPE Service Manager
Client/Desktop applications / Software for system administration
Oracle Solaris
Operating systems & Components / Operating system
Oracle Directory Server Enterprise Edition
Server applications / Other server solutions
Oracle GlassFish Server
Server applications / Other server solutions
Oracle OpenSSO
Web applications / Remote management & hosting panels
Oracle Traffic Director
Other software / Other software solutions
Sun ONE/iPlanet Web Server
Server applications / Web servers
SPARC Enterprise M3000
Hardware solutions / Firmware
SPARC Enterprise M4000
Hardware solutions / Firmware
SPARC Enterprise M5000
Hardware solutions / Firmware
SPARC Enterprise M8000
Hardware solutions / Firmware
SPARC Enterprise M9000
Hardware solutions / Firmware
Oracle Secure Global Desktop
Client/Desktop applications / Virtualization software

Vendor: Hewlett Packard Enterprise Development LP
Oracle
Sun

Description
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.

The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.

Successful exploitation of this vulnerability may result in modification of authentication information

Mitigation
Install upgrated versions at:

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05193083

Vulnerable software versions

HPE Service Manager: 9.30 - 9.40

Oracle Solaris: 10 - 11.3

Oracle Directory Server Enterprise Edition: 7.0 - 11.1.1.7.0

Oracle GlassFish Server: 2.1.1

Oracle OpenSSO: 3.0-0.7

Oracle Traffic Director: 11.1.1.7.0 - 11.1.1.9.0

Sun ONE/iPlanet Web Server: 4.0 - 7.0

SPARC Enterprise M3000: XCP 1117 - XCP 1118

SPARC Enterprise M4000: XCP 1118

SPARC Enterprise M5000: XCP 1117 - XCP 1118

SPARC Enterprise M8000: XCP 1117 - XCP 1118

SPARC Enterprise M9000: XCP 1117 - XCP 1118

Oracle Secure Global Desktop: 4.63 - 5.2

External links
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05193083
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Aspera Console
SUSE update for java-1_8_0-openjdk
SUSE update for java-1_8_0-openjdk
Man-in-the-middle attack in HP Business Service Automation Essentials (BSAE)
Multiple vulnerabilities in HP Operations Manager for UNIX and Linux
Man-in-the-middle attack in HP Integrated Lights-Out 2/3/4
Man-in-the-middle attack in HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery
Man-in-the-middle attack in HP Discovery and Dependency Mapping Inventory (DDMI)
Man-in-the-middle attack in HP Connect-IT
Man-in-the-middle attack in HP Service Manager