
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2025
           Security Bulletin: Vulnerability in SSLv3 affects IBM
               WebSphere Application Server (CVE-2014-3566)
                              3 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Application Server
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   IBM i
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Access Confidential Data -- Remote with User Interaction
                   Reduced Security         -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3566  

Reference:         ASB-2014.0123
                   ASB-2014.0122
                   ESB-2014.2022
                   ESB-2014.2021
                   ESB-2014.2015
                   ESB-2014.2014
                   ESB-2014.2011
                   ESB-2014.2000
                   ESB-2014.1999
                   ESB-2014.1998

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21687173

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application 
Server (CVE-2014-3566)

Document information

More support for:     WebSphere Application Server, General
Software version:     6.1, 7.0, 8.0, 8.5, 8.5.5
Operating system(s):  AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Software edition:     Base, Developer, Enterprise, Liberty, Network Deployment, Single Server
Reference #:          1687173
Modified date:        2014-10-31

Security Bulletin

Summary

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle
On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default 
in IBM WebSphere Application Server.

Vulnerability Details

CVE ID: CVE-2014-3566

DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain
sensitive information, caused by a design error when using the SSLv3 protocol.
A remote user with the ability to conduct a man-in-the-middle attack could 
exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy 
Encryption) attack to decrypt SSL sessions and access the plaintext of 
encrypted connections.

CVSS Base Score: 4.3

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97013 for the 
current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

This vulnerability affects all versions and releases of IBM WebSphere 
Application Server, IBM WebSphere Application Server Full Profile, IBM 
WebSphere Application Server Liberty Profile and IBM WebSphere Application 
Server Hypervisor Edition.

Remediation/Fixes

Please refer to the Security Bulletin for IBM HTTP Server to remediate your 
webserver.

Mitigations are listed in the Workarounds and Mitigations section, but you 
should also consider the options listed below for a full solution. If you have
SSL hard coded in your application code, such as SSLContext.getInstance("SSL"),
then you should install the interim fixes listed below, since the current 
implementation defaults that context to SSLv3. The interim fix is an 
enhancement in the IBM JDK.

The following table lists some common standard protocol label names for Java 5
and above:

Protocol   Prior to this fix                                        After this fix

SSL        SSL v3.0                                                 see chart below
SSLv3      SSL v3.0                                                 Connection will fail
TLS        TLS v1.0 (defined in RFC 2246)                           TLS v1.0 (defined in RFC 2246)
TLSv1      TLS v1.0 (defined in RFC 2246)                           TLS v1.0 (defined in RFC 2246)
TLSv1.1    TLS v1.1 (defined in RFC 4346)                           TLS v1.1 (defined in RFC 4346)
TLSv1.2    TLS v1.2 (defined in RFC 5246)                           TLS v1.2 (defined in RFC 5246)
SSL_TLS    Enables all SSL V3.0 and TLS 1.0 protocols               TLS 1.0
SSL_TLSv2  Enables all SSL V3.0 and TLS 1.0, 1.1 and 1.2 protocols  TLS 1.0, 1.1 and 1.2 protocols

The IBM SDK Java Technology Edition that is shipped with IBM WebSphere 
Application Server will be updated per the chart below, so that the SSL 
protocol alias label "SSL" means the TLS levels marked.

Java Version		TLS 1.0		TLS 1.1		TLS 1.2

Java 7 Server		   x		   x		   x
Java 7 Client		   x
Java 6			   x
Java 5			   x

The interim fixes will disable SSLv3 by default. If you need to change that 
value, there is a new Java system property to enable SSLv3 with the 
protocols listed above. Set the system property either statically or 
dynamically as described in the Information Center for the IBM SDK Java 
Technology Edition you are using.

-Dcom.ibm.jsse2.disableSSLv3=false

For IBM WebSphere Application Server and IBM WebSphere Application Server 
Hypervisor Edition:

If using Installation Manager 1.7.3.1 or older, please refer to the reference
section and upgrade to Installation Manager 1.8 or newer.

Download and apply the interim fix APARs below, for your appropriate release:

For V8.5.0.0 through 8.5.5.3 Full Profile:

  Apply Interim Fix PI28435: Will upgrade you to IBM Java SDK Version 7R1 
  Service Refresh 1 Fix Pack 1 (optional) + APAR IV66110 for change to disable 
  SSLv3 by default

  Apply Interim Fix PI28436: Will upgrade you to IBM Java SDK Version 7 Service
  Refresh 7 Fix Pack 1 (optional) + APAR IV66110 for change to disable SSLv3 by
  default

  Apply Interim Fix PI28437: Will upgrade you to IBM Java SDK Version 6R1 
  Service Refresh 8 Fix Pack 1 (required) + APAR IV66610 for change to disable 
  SSLv3 by default

--OR--

  Apply IBM Java SDK shipped with the WebSphere Application Server Fix pack 
  8.5.5.4 or later (targeted to be available mid December 2014)

For 8.0.0.0 through 8.0.0.9:

  Apply Interim Fix PI28438: Will upgrade you to IBM Java SDK Version 6R1 
  Service Refresh 8 Fix Pack 1 + APAR IV66110 for change to disable SSLv3 by 
  default

--OR--

  Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 10 
  (8.0.0.10) or later (targeted to be available 16 February 2015).

For V7.0.0.0 through 7.0.0.35:

  Apply Interim Fix PI28439: Will upgrade you to IBM Java SDK Version 6 Service
  Refresh 16 Fix Pack 1 + APAR IV66110 for change to disable SSLv3 by default

--OR--

  Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 37 
  (7.0.0.37) or later (targeted to be available 13 March 2015).

For V6.1.0.0 through 6.1.0.47:

  Contact IBM Support and apply Interim Fix PI28796: Will upgrade you to IBM 
  Java SDK Version 5.0 Service Refresh 16 Fix Pack 7 + APAR IV66111 for change 
  to disable SSLv3 by default.

  Customers must open a PMR with IBM to get this Interim Fix.

  Only available to active Service Extension customers.

For IBM WebSphere Application Server for i5/OS operating systems:

The IBM Developer Kit for Java is prerequisite software for WebSphere 
Application Server for IBM i. Please refer to Java on IBM i for updates on 
when these fixes will be available.

Workarounds and Mitigations

Users of SSLv3 will want to disable SSLv3 on WebSphere Application Servers 
using the IBM JDK, both Full Profile and Liberty Profile. Note: The protocol 
label SSL_TLS will not remediate this issue, since it means protocol support 
of SSLv3, TLS 1.0, TLS 1.1 and TLS 1.2. To disable SSLv3, IBM recommends the 
protocol label TLS, which is TLS 1.0. IBM is working on delivering a solution 
to support all the TLS versions.

For WebSphere Application Server Full Profile and WebSphere Application Server
Hypervisor editions, modifying the server's SSL configuration to disable SSLv3
can be done from either the Admin console or with an Admin task from wsadmin.

On the Admin Console

For Versions 8.5.5.x, 8.5.0.x, 8.0.0.x and 7.0.0.x:

1. Go to Security > SSL certificate and key management > SSL configurations

2. The collection of all SSL configurations is listed. For each SSL 
configuration in the list the SSL protocol will need to be modified to use 
TLS.

3. Select an SSL Configuration then click Quality of protection (QoP) settings
under Additional Properties on the right.

4. On the Quality of protection (QoP) settings panel, select TLS from the 
pull-down list in the box labeled Protocol.

5. Apply/Save.

For Version 6.1.0.x:

1. Go to Security > SSL certificate and key management > SSL configurations

2. The collection of all SSL configurations is listed. For each SSL 
configuration in the list the SSL protocol will need to be modified to use 
TLS.

3. Select an SSL Configuration then click Quality of protection (QoP) settings
under Additional Properties on the right.

4. On the Quality of protection (QoP) settings panel, select TLS from the 
pull-down list in the box labeled Protocol.

5. Apply/Save.

For Version 6.0.2.x:

There are no administrative tasks to modify the SSL configurations; this must
be done on the Admin console.

1. Go to Security > SSL configuration repertoires

2. The collection of all SSL configurations is listed. For each SSL 
configuration in the list the SSL protocol will need to be modified to use 
TLS.

3. Select an SSL Configuration. On the configuration's panel, select TLS from 
the pull-down list in the box labeled Protocol.

4. Apply/Save

Using wsadmin (does not apply to WebSphere Application Server 6.0.2)

If using wsadmin, the modifySSLConfig task must be called for each SSL 
configuration.

To get the list of SSL configurations in wsadmin, call:

wsadmin>AdminTask.listSSLConfigs('[-all true]')

To modify an SSL configuration from wsadmin, call:

wsadmin>AdminTask.modifySSLConfig('[-alias <fill in the SSL Configuration alias> -scopeName <fill in the SSL Configuration management scope> -sslProtocol TLS]')

wsadmin>AdminConfig.save()

Example of what a modifySSLConfig command looks like with an alias and scope 
provided:

wsadmin>AdminTask.modifySSLConfig('[-alias CellDefaultSSLSettings -scopeName (cell):ndcell -sslProtocol TLS ]')

If dynamic updating of the SSL configuration is not enabled, the server will 
need to be restarted. (For Version 6.0.2 the server will always need to be 
restarted.) To check whether dynamic updating of the SSL configuration is 
enabled, go to Security > SSL certificate and key management on the Admin 
Console. If the box labeled 'Dynamically update the run time when SSL 
configuration changes occur' is selected, then dynamic SSL configuration is 
enabled.

Client configuration files:

For WebSphere Application Server Version 6.1 and higher, update the 
ssl.client.props file.

For WebSphere Application Server Version 6.0.2, update the sas.client.props 
and soap.client.props files.

The SSL protocol is set with the com.ibm.ssl.protocol property in the 
ssl.client.props file. Edit the ssl.client.props file and set the 
com.ibm.ssl.protocol value to TLS, e.g. com.ibm.ssl.protocol=TLS. This 
needs to be done for each ssl.client.props file in the configuration.

If the property does not exist in the sas.client.props file or 
soap.client.props file for version 6.0.2, it can be added as 
com.ibm.ssl.protocol=TLS.

Special considerations for Network Deployment environments.

The recommended way to change the SSL protocol in an ND environment when 
switching to incompatible SSL protocols:

1. Stop all nodes and node agents in the cell.

2. Modify each SSL configuration to use TLS as specified above.

3. Manually sync each node with the syncNode command (the ssl.client.props 
file will need to be updated before you do this).

4. Start the node agents and servers.

For WebSphere Application Server for i5/OS operating systems:

Apply solutions listed above and then also update the Native SSL 
implementation as described in the bulletin

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020292

For WebSphere Application Server Liberty Profile:

The Liberty profile offers a minimal SSL configuration that allows a user to 
provide only a keystore configuration; the rest of the SSL information is 
filled in by the runtime. When the runtime fills in an SSL configuration it 
uses SSL_TLS for the IBM SDK for Java and SSL for the Oracle JDK. The minimal
configuration may look like this in the server.xml file:

<keyStore id="defaultKeyStore" password="yourPassword" />

An ssl element can be added so the default ssl configuration will not use 
SSLv3. The sslProtocol attribute in the ssl element defines what protocol is 
used; setting it to TLS will override the default.

<ssl id="defaultSSLConfig"
       keyStoreRef="defaultKeyStore"
       sslProtocol="TLS" />

<keyStore id="defaultKeyStore"
       password="yourPassword" />

If using custom ssl configurations besides the minimal configuration, the 
sslProtocol attribute needs to be set for each ssl element that is in the 
server.xml file. For example:

<ssl id="myCustomSSLConfig"
        keyStoreRef="defaultKeyStore"
        trustStoreRef="defaultTrustStore"
        clientAuthentication="true"
        sslProtocol="TLS" />

IBM recommends that you review your entire environment to identify other areas
that enable SSLv3 protocol and take appropriate mitigation (such as disabling
SSLv3) and remediation actions.
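
As an aid to that review, the following added example (not part of IBM's bulletin) checks the text of client property files and Liberty server.xml files for protocol labels that the table above maps to SSLv3 before the interim fix. The function names, the sample inputs, the key=value parsing and the rule that a keyStore without a defaultSSLConfig ssl element means the runtime default applies are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Labels the bulletin's table maps to SSLv3 support before the interim fix.
SSLV3_LABELS = {"SSL", "SSLv3", "SSL_TLS", "SSL_TLSv2"}
PROP = "com.ibm.ssl.protocol"

# Constructed sample inputs, not taken from a real system.
SAMPLE_PROPS = "# constructed sample\ncom.ibm.ssl.protocol=SSL_TLS\n"
MINIMAL_XML = '<server><keyStore id="defaultKeyStore" password="yourPassword" /></server>'


def audit_client_props(text):
    """Findings for one ssl.client.props, sas.client.props or soap.client.props."""
    seen = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        key, sep, value = line.partition("=")  # assumption: key=value form only
        if sep and key.strip() == PROP:
            seen.append((lineno, value.strip()))
    if not seen:
        return ["%s is not set" % PROP]
    return ["line %d: %s=%s allows SSLv3" % (n, PROP, v)
            for n, v in seen if v in SSLV3_LABELS]


def audit_liberty_server_xml(text):
    """Findings for one Liberty server.xml document."""
    root = ET.fromstring(text)
    ssl_elements = root.findall(".//ssl")
    findings = []
    for el in ssl_elements:
        name, proto = el.get("id", "<no id>"), el.get("sslProtocol")
        if proto is None:
            findings.append("ssl %s: sslProtocol is not set" % name)
        elif proto in SSLV3_LABELS:
            findings.append("ssl %s: sslProtocol=%s allows SSLv3" % (name, proto))
    # Assumption: a keyStore with no defaultSSLConfig element is the minimal
    # configuration, where the runtime fills in SSL_TLS (IBM SDK) or SSL (Oracle).
    has_default = any(el.get("id") == "defaultSSLConfig" for el in ssl_elements)
    if root.find(".//keyStore") is not None and not has_default:
        findings.append("no ssl element with id defaultSSLConfig: runtime default applies")
    return findings


if __name__ == "__main__":
    for finding in audit_client_props(SAMPLE_PROPS) + audit_liberty_server_xml(MINIMAL_XML):
        print(finding)
```

An empty list from either function means no label from the table's SSLv3 rows was found in that file; it does not confirm which JDK level or interim fix is installed.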

Important note

IBM strongly suggests that all System z customers be subscribed to the System
z Security Portal to receive the latest critical System z security and 
integrity service. If you are not subscribed, see the instructions on the 
System z Security web site. Security and integrity APARs and associated fixes
will be posted to this portal. IBM suggests reviewing the CVSS scores and 
applying all security or integrity fixes as soon as possible to minimize any 
potential risk.

References

Complete CVSS Guide

On-line Calculator V2

Security Bulletin for IBM HTTP Server

Product updates not found when using IBM Installation Manager 1.7.3.1 or older

IBM Installation Manager 1.7.3.1 or older cannot connect to HTTPS servers that
have SSL security protocol disabled

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Change History

15 October 2014: original document published

20 October 2014: fix quote in wrong location for wsadmin command

22 October 2014: clarified SSL_TLS versus TLS

31 October 2014: added ifixes for remediation

*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the 
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the 
Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY 
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT 
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Cross reference information

Segment Product Component Platform Version Edition

Application Servers IBM HTTP Server

Application Servers WebSphere Application Server Hypervisor Edition

Application Servers WebSphere Application Server Liberty Core

Application Servers WebSphere Virtual Enterprise

Application Servers WebSphere Extended Deployment Compute Grid

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================