03 November 2014
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2025
      Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere
                    Application Server (CVE-2014-3566)
                              3 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Application Server
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   IBM i
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Access Confidential Data -- Remote with User Interaction
                   Reduced Security         -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3566

Reference:         ASB-2014.0123
                   ASB-2014.0122
                   ESB-2014.2022
                   ESB-2014.2021
                   ESB-2014.2015
                   ESB-2014.2014
                   ESB-2014.2011
                   ESB-2014.2000
                   ESB-2014.1999
                   ESB-2014.1998

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg21687173

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)

Document information

More support for:
WebSphere Application Server
General

Software version:
6.1, 7.0, 8.0, 8.5, 8.5.5

Operating system(s):
AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition:
Base, Developer, Enterprise, Liberty, Network Deployment, Single Server

Reference #:
1687173

Modified date:
2014-10-31

Security Bulletin

Summary

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server.

Vulnerability Details

CVE ID: CVE-2014-3566

DESCRIPTION: IBM WebSphere Application could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

This vulnerability affects all versions and releases of IBM WebSphere Application Server, IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile and IBM WebSphere Application Server Hypervisor Edition.

Remediation/Fixes

Please refer to the Security Bulletin for IBM HTTP Server to remediate your webserver.

There is mitigation listed in the Workaround and Mitigations section but you should also consider the options listed below for a full solution.

If you have SSL hard coded in your application code, such as SSLContext.getInstance("SSL") then you should install the interim fixes listed below since the current implementation defaults that context to SSLv3. The interim fix is an enhancement in the IBM JDK.

The following table lists some common standard protocol label names for Java 5 and above:

Protocol    Prior to this fix                                         After this fix
SSL         SSL v3.0                                                  see chart below
SSLv3       SSL v3.0                                                  Connection will fail
TLS         TLS v1.0 (defined in RFC 2246)                            TLS v1.0 (defined in RFC 2246)
TLSv1       TLS v1.0 (defined in RFC 2246)                            TLS v1.0 (defined in RFC 2246)
TLSv1.1     TLS v1.1 (defined in RFC 4346)                            TLS v1.1 (defined in RFC 4346)
TLSv1.2     TLS v1.2 (defined in RFC 5246)                            TLS v1.2 (defined in RFC 5246)
SSL_TLS     Enables all SSL V3.0 and TLS 1.0 protocols                TLS 1.0
SSL_TLSv2   Enables all SSL V3.0 and TLS 1.0, 1.1 and 1.2 protocols   TLS 1.0, 1.1 and 1.2 protocols

The IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server will be updated per the chart below, so that SSL Protocol alias label of "SSL" would mean the TLS levels marked.

Java Version    TLS 1.0   TLS 1.1   TLS 1.2
Java 7 Server   x         x         x
Java 7 Client   x
Java 6          x
Java 5          x

The interim fixes will disable SSLv3 by default. If you need to change that value, then there is a new java system property to enable SSLv3 with the protocols listed above. Set the system property either statically or dynamically as described in the Information Center for the IBM SDK Java Technology Edition you are using.

    -Dcom.ibm.jsse2.disableSSLv3=false

For IBM WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition:

If using Installation Manager 126.96.36.199 or older, please refer to the reference section and upgrade to Installation Manager 1.8 or newer.

Download and apply the interim fix APARs below, for your appropriate release:

For V188.8.131.52 through 184.108.40.206 Full Profile:

    Apply Interim Fix PI28435: Will upgrade you to IBM Java SDK Version 7R1 Service Refresh 1 Fix Pack 1 (optional) + APAR IV66110 for change to disable SSLv3 by default
    Apply Interim Fix PI28436: Will upgrade you to IBM Java SDK Version 7 Service Refresh 7 Fix Pack 1 (optional) + APAR IV66110 for change to disable SSLv3 by default
    Apply Interim Fix PI28437: Will upgrade you to IBM Java SDK Version 6R1 Service Refresh 8 Fix Pack 1 (required) + APAR IV66610 for change to disable SSLv3 by default
    --OR--
    Apply IBM Java SDK shipped with the WebSphere Application Server Fix pack 220.127.116.11 or later (targeted to be available mid December 2014)

For 18.104.22.168 through 22.214.171.124:

    Apply Interim Fix PI28438: Will upgrade you to IBM Java SDK Version 6R1 Service Refresh 8 Fix Pack 1 + APAR IV66110 for change to disable SSLv3 by default
    --OR--
    Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 10 (126.96.36.199) or later (targeted to be available 16 February 2015).

For V188.8.131.52 through 184.108.40.206:

    Apply Interim Fix PI28439: Will upgrade you to IBM Java SDK Version 6 Service Refresh 16 Fix Pack 1 + APAR IV66110 for change to disable SSLv3 by default
    --OR--
    Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 37 (220.127.116.11) or later (targeted to be available 13 March 2015).

For V18.104.22.168 through 22.214.171.124:

    Contact IBM Support and apply Interim Fix PI28796: Will upgrade you to IBM Java SDK Version 5.0 Service Refresh 16 Fix Pack 7 + APAR IV66111 for change to disable SSLv3 by default. Customers must open a PMR with IBM to get this Interim Fix. Only available to active Service Extension customers.

For IBM WebSphere Application Server for i5/OS operating systems:

The IBM Developer Kit for Java is prerequisite software for WebSphere Application Server for IBM i.
Please refer to Java on IBM i for updates on when these fixes will be available.

Workarounds and Mitigations

SSLV3 users will want to disable SSLV3 on WebSphere Application Servers using IBM JDK, both Full Profile and Liberty Profile.

Note: The Protocol label SSL_TLS will not remediate this issue since this means protocol support of SSLv3, TLS 1.0, TLS 1.1 and TLS 1.2. In order to disable SSLV3, IBM recommends protocol label TLS which is TLS 1.0. IBM is working on delivering a solution to support all the TLS versions.

For WebSphere Application Server Full Profile and WebSphere Application Server Hypervisor editions, modifying the server's SSL configuration to disable SSLv3 can be done from either the Admin console or with an Admin task from wsadmin.

On the Admin Console

For Versions 8.5.5.x, 8.5.0.x, 8.0.0.x and 7.0.0.x:

1. Go to Security > SSL certificate and key management > SSL configurations
2. The collection of all SSL configurations is listed. For each SSL configuration in the list the SSL protocol will need to be modified to use TLS.
3. Select an SSL Configuration then click Quality of protection (QoP) settings under Additional Properties on the right.
4. On the Quality of protection (QoP) settings panel select TLS from the pull down list in the box labeled Protocol.
5. Apply/Save.

For Version 6.1.0.x:

1. Go to Security > SSL certificate and key management > SSL configurations
2. The collection of all SSL configurations is listed. For each SSL configuration in the list the SSL protocol will need to be modified to use TLS.
3. Select an SSL Configuration then click Quality of protection (QoP) settings under Additional Properties on the right.
4. On the Quality of protection (QoP) settings panel select TLS from the pull down list in the box labeled Protocol.
5. Apply/Save.

For Version 6.0.2.x:

There are no administrative tasks to modify the SSL configurations; this must be done on the Admin console.

1. Go to Security > SSL configuration repertoires
2. The collection of all SSL configurations is listed. For each SSL configuration in the list the SSL protocol will need to be modified to use TLS.
3. Select an SSL Configuration; on the configuration's panel select TLS from the pull down list in the box labeled Protocol.
4. Apply/Save

Using wsadmin (does not apply to WebSphere Application Server 6.0.2)

If using wsadmin, for each SSL Configuration the modifySSLConfig task will need to be called.

To get the list of SSL Configuration in wsadmin call

    wsadmin> AdminTask.listSSLConfigs('[-all true]')

To modify a SSL configuration from wsadmin call

    wsadmin>AdminTask.modifySSLConfig('[-alias <fill in the SSL Configuration alias> -scopeName <fill in the SSL Configuration management scope> -sslProtocol TLS]')
    wsadmin>AdminConfig.save()

Example of what a modifySSLConfig command looks like with an alias and scope provided.

    wsadmin>AdminTask.modifySSLConfig('[-alias CellDefaultSSLSettings -scopeName (cell):ndcell -sslProtocol TLS ]')

If dynamically updating the SSL configuration is not enabled then the server will need to be restarted. (For Version 6.0.2 the server will always need to be restarted).

To check if dynamic updating SSL Configuration is enabled on the Admin Console go to Security > SSL certificate and key management. If the box labeled 'Dynamically update the run time when SSL configuration changes occur' is selected then dynamic SSL configuration is enabled.

Client configuration files:

For WebSphere Application Server Version 6.1 and higher update ssl.client.props file
For WebSphere Application Server Version 6.0.2 update sas.client.props and soap.client.props file

The SSL protocol is set with the com.ibm.ssl.protocol property in the ssl.client.props file. So edit the ssl.client.props file and set the com.ibm.ssl.protocol value to TLS, e.g. com.ibm.ssl.protocol=TLS. This needs to be done for each ssl.client.props file in the configuration.
If the property does not exist in the sas.client.props file or soap.client.props file for version 6.0.2, it can be added as com.ibm.ssl.protocol=TLS.

Special considerations for Network Deployment environments.

The recommended way to change SSL protocol in an ND environment when the protocol switch is to incompatible SSL protocols:

1. Stop all nodes and node agents in the cell.
2. Modify each SSL configuration to use TLS as specified above.
3. Manually sync each node with the syncNode command (ssl.client.props file will need to be updated before you do this.)
4. Start the node agents and servers.

For WebSphere Application Server for i5/OS operating systems:

Apply solutions listed above and then also update the Native SSL implementation as described in the bulletin http://www-01.ibm.com/support/docview.wss?uid=nas8N1020292

For WebSphere Application Server Liberty Profile:

The Liberty profile offers a minimal SSL configuration that allows a user to only provide a keystore configuration and the rest of the SSL information is filled in by the runtime. When the runtime fills in a SSL configuration it uses SSL_TLS for the IBM SDK for Java and SSL for the Oracle JDK. The minimal configuration may look like this in the server.xml file:

    <keyStore id="defaultKeyStore" password="yourPassword" />

A ssl element can be added so the default ssl configuration will not use SSLv3. The sslProtocol attribute in the ssl element defines what protocol is used; setting it to TLS will override the default.

    <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="TLS" />
    <keyStore id="defaultKeyStore" password="yourPassword" />

If using custom ssl configurations besides the minimal configuration, the protocol element needs to be set for each ssl element that is in the server.xml file. For example

    <ssl id="myCustomSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" clientAuthentication="true" sslProtocol="TLS" />

IBM recommends that you review your entire environment to identify other areas that enable SSLv3 protocol and take appropriate mitigation (such as disabling SSLv3) and remediation actions.

Important note

IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.

References

Complete CVSS Guide
On-line Calculator V2
Security Bulletin for IBM HTTP Server
Product updates not found when using IBM Installation Manager 126.96.36.199 or older
IBM Installation Manager 188.8.131.52 or older cannot connect to HTTPS servers that have SSL security protocol disabled

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

15 October 2014: original document published
20 October 2014: fix quote in wrong location for wsadmin command
22 October 2014: clarified SSL_TLS versus TLS
31 October 2014: added ifixes for remediation

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response."
IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Cross reference information

Segment               Product                                           Component   Platform   Version   Edition
Application Servers   IBM HTTP Server
Application Servers   WebSphere Application Server Hypervisor Edition
Application Servers   WebSphere Application Server Liberty Core
Application Servers   WebSphere Virtual Enterprise
Application Servers   WebSphere Extended Deployment Compute Grid

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to firstname.lastname@example.org and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
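
A configuration check for the Liberty server.xml and client properties settings described under Workarounds and Mitigations, added here as an example and not part of the IBM or AusCERT bulletin. It reports the protocol labels that the bulletin's table maps to SSL v3.0 before the fix; the function names, the sample inputs and the legacyConfig id are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Protocol labels that still permit SSLv3 before the interim fix (bulletin's table).
SSLV3_LABELS = {"SSL", "SSLv3", "SSL_TLS", "SSL_TLSv2"}
PROP = re.compile(r"^\s*com\.ibm\.ssl\.protocol\s*[=:]\s*(\S*)")


def audit_server_xml(text):
    """Return findings for a Liberty server.xml passed as a string."""
    root = ET.fromstring(text)
    ssl_elements = list(root.iter("ssl"))
    findings = []
    if not ssl_elements and root.find(".//keyStore") is not None:
        # Minimal configuration: the runtime picks SSL_TLS (IBM SDK) or SSL (Oracle JDK).
        findings.append("keyStore only: runtime fills in the protocol (SSL_TLS or SSL)")
    for el in ssl_elements:
        proto = el.get("sslProtocol")
        if proto is None:
            findings.append("ssl id=%s: sslProtocol not set" % el.get("id"))
        elif proto in SSLV3_LABELS:
            findings.append("ssl id=%s: sslProtocol=%s permits SSLv3" % (el.get("id"), proto))
    return findings


def audit_client_props(text):
    """Return findings for ssl.client.props, sas.client.props or soap.client.props."""
    findings, seen = [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        match = PROP.match(line)  # commented-out lines start with '#' and do not match
        if not match:
            continue
        seen = True
        if match.group(1) in SSLV3_LABELS:
            findings.append("line %d: com.ibm.ssl.protocol=%s permits SSLv3" % (lineno, match.group(1)))
    if not seen:
        findings.append("com.ibm.ssl.protocol not set; add com.ibm.ssl.protocol=TLS")
    return findings


# Constructed sample inputs; "legacyConfig" is a hypothetical id.
MINIMAL_XML = '<server><keyStore id="defaultKeyStore" password="yourPassword" /></server>'
MIXED_XML = """<server>
  <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="TLS" />
  <ssl id="myCustomSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLS" />
  <ssl id="legacyConfig" keyStoreRef="defaultKeyStore" />
  <keyStore id="defaultKeyStore" password="yourPassword" />
</server>"""
CLIENT_PROPS = "#com.ibm.ssl.protocol=SSL\ncom.ibm.ssl.alias=DefaultSSLSettings\ncom.ibm.ssl.protocol=SSL_TLS\n"

if __name__ == "__main__":
    for result in (audit_server_xml(MINIMAL_XML), audit_server_xml(MIXED_XML),
                   audit_client_props(CLIENT_PROPS)):
        print(result)
```

An empty list means every protocol setting found uses a label other than the four flagged ones, such as the TLS label the bulletin recommends.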