Lucene search
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL93600123.NASLHistoryNov 21, 2016 - 12:00 a.m.
F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)
2016-11-2100:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
115
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.969
Percentile
99.7%
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. (CVE-2016-2107)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K93600123.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(94986);
script_version("3.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2013-0169", "CVE-2016-2107");
script_bugtraq_id(57778);
script_xref(name:"CEA-ID", value:"CEA-2019-0547");
script_name(english:"F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before
1.0.2h does not consider memory allocation during a certain padding
check, which allows remote attackers to obtain sensitive cleartext
information via a padding-oracle attack against an AES CBC session,
NOTE: this vulnerability exists because of an incorrect fix for
CVE-2013-0169. (CVE-2016-2107)");
script_set_attribute(attribute:"see_also", value:"https://support.f5.com/csp/article/K93600123");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K93600123.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2016/05/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/21");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K93600123";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4");
vmatrix["AFM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4");
vmatrix["AM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.0.0-12.1.2","11.6.1HF2");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1");
vmatrix["AVR"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","11.6.0-11.6.1","11.5.0-11.5.4","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.6.1HF1","11.5.4HF3","11.6.1HF1","11.5.4HF3","11.6.1HF1","11.5.4HF3","11.6.1HF1","11.5.4HF3");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","11.2.1","10.2.1-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4","12.0.0-12.1.2","11.6.0-11.6.1","11.5.0-11.5.4","12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.4");
vmatrix["PEM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2HF1","11.6.1HF1","11.5.4HF3","13.0.0","12.1.2","11.6.1HF1","11.5.4HF3");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());
else security_note(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
Related
cvelist
cvelist
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
veracode
veracode
Padding Oracle Attack
2017-01-27 03:10:31
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
cve
cve
alpinelinux
alpinelinux
CVE-2016-2107
2016-05-05 01:59:03
f5
f5
K93600123 : OpenSSL vulnerability CVE-2016-2107
2016-05-07 00:00:00
SOL93600123 - OpenSSL vulnerability CVE-2016-2107
2016-05-06 00:00:00
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
prion
prion
Design/Logic Flaw
2016-05-05 01:59:00
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2013-02-08 19:55:00
nvd
nvd
openssl
openssl
Vulnerability in OpenSSL - Padding oracle in AES-NI CBC MAC check
2016-05-03 00:00:00
Vulnerability in OpenSSL - SSL, TLS and DTLS Plaintext Recovery Attack
2013-02-04 00:00:00
ibm
ibm
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
2022-09-25 21:06:56
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)
2018-06-17 04:47:31
nessus
nessus
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)
2014-10-10 00:00:00
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
2014-07-14 00:00:00
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2013-042-01)
2022-04-21 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux
2021-08-17 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows
2021-08-17 00:00:00
slackware
slackware
openssl
2013-02-11 23:49:59
hackerone
hackerone
FormAssembly: formassembly.com is vulnerable to padding-oracle attacks.
2017-01-10 13:38:12
Internet Bug Bounty: Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-07 16:35:28
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
threatpost
threatpost
OpenSSL Patches Padding Oracle Attack Bug
2016-05-03 12:17:47
checkpoint_advisories
checkpoint_advisories
OpenSSL Padding Oracle Information Disclosure (CVE-2016-2107)
2016-05-09 00:00:00
zdt
zdt
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
2016-05-04 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that (mostly) aren’t: LUCKY13
2024-05-03 05:12:27
exploitdb
exploitdb
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
2016-05-04 00:00:00
redhatcve
redhatcve
CVE-2016-2107
2016-05-03 14:48:50
seebug
seebug
OpenSSL Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
2016-05-04 00:00:00
archlinux
archlinux
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
Security update for Java (important)
2013-02-22 20:04:33
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00
redhat
redhat
(RHSA-2013:0783) Moderate: openssl security update
2013-05-01 17:58:17
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
amazon
amazon
Critical: openssl
2014-04-07 17:26:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
kitploit
kitploit
yawast - The YAWAST Antecedent Web Application Security Toolkit
2016-10-16 14:12:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.969
Percentile
99.7%
Related for F5_BIGIP_SOL93600123.NASL