CVE-2019-1559 : If an application encounters a fatal protocol error and then calls SSL

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Published 2019-02-27 23:29:00

Updated 2022-08-19 11:14:33

Source OpenSSL Software Foundation

View at NVD, CVE.org

Products affected by CVE-2019-1559

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Web Server » Version: 5.0.0
cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 6.0
When used together with: Redhat » Enterprise Linux » Version: 7.0
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Virtualization » Version: 4.0
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 7.0
Redhat » Virtualization Host » Version: 4.0
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 7.0
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.55
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
Matching versions
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.56
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
Matching versions
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.57
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.15
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.43
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.7.0 and up to, including, (<=) 5.7.25
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Jd Edwards Enterpriseone Tools » Version: 9.2
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Enterprise Monitor
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.14
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Enterprise Monitor
Versions up to, including, (<=) 4.0.8
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Matching versions
Oracle » Secure Global Desktop » Version: 5.4
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
Matching versions
Oracle » Api Gateway » Version: 11.1.2.4.0
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Business Intelligence » Version: 11.1.1.9.0 Enterprise Edition
cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Business Intelligence » Version: 12.2.1.3.0 Enterprise Edition
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Business Intelligence » Version: 12.2.1.4.0 Enterprise Edition
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Enterprise Manager Ops Center » Version: 12.3.3
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Ops Center » Version: 12.4.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Base Platform » Version: 13.2.0.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Base Platform » Version: 13.3.0.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Base Platform » Version: 12.1.0.5.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Workbench
Versions up to, including, (<=) 8.0.16
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Diameter Signaling Router » Version: 8.0.0
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Diameter Signaling Router » Version: 8.1
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Diameter Signaling Router » Version: 8.2
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Diameter Signaling Router » Version: 8.3
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Diameter Signaling Router » Version: 8.4
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*
Matching versions
Oracle » Jd Edwards World Security » Version: A9.4
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
Matching versions
Oracle » Jd Edwards World Security » Version: A9.3
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*
Matching versions
Oracle » Jd Edwards World Security » Version: A9.3.1
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Border Controller » Version: 8.0.0
cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Border Controller » Version: 8.1.0
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Border Controller » Version: 8.3
cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Border Controller » Version: 8.2
cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Border Controller » Version: 7.4
cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Performance Intelligence Center » Version: 10.4.0.2
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Services Tools Bundle » Version: 19.2
cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Router » Version: 7.4
cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Router » Version: 8.0
cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Router » Version: 8.1
cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Router » Version: 8.2
cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Session Router » Version: 8.3
cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Unified Session Manager » Version: 7.3.5
cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Unified Session Manager » Version: 8.2.5
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*
Matching versions
Oracle » Endeca Server » Version: 7.7.0
cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl
Versions from including (>=) 1.0.2 and before (<) 1.0.2r
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Local Traffic Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Global Traffic Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Security Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Access Policy Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Webaccelerator
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Webaccelerator
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Webaccelerator
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Webaccelerator
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Edge Gateway
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Edge Gateway
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Edge Gateway
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Edge Gateway
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Link Controller
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Analytics
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Application Acceleration Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Advanced Firewall Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Policy Enforcement Manager
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-iq Centralized Management
Versions from including (>=) 7.0.0 and up to, including, (<=) 7.1.0
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-iq Centralized Management
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.1.0
cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Domain Name System
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 13.0.0 and up to, including, (<=) 13.1.3
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 15.0.0 and up to, including, (<=) 15.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.5
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Big-ip Fraud Protection Service
Versions from including (>=) 14.0.0 and up to, including, (<=) 14.1.2
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Matching versions
F5 » Traffix Signaling Delivery Controller
Versions from including (>=) 5.0.0 and up to, including, (<=) 5.1.0
cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*
Matching versions
F5 » Traffix Signaling Delivery Controller » Version: 4.4.0
cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*
Matching versions
Mcafee » Agent
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.4
cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Web Gateway
Versions from including (>=) 7.0.0 and before (<) 9.0.0
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Data Exchange Layer
Versions from including (>=) 4.0.0 and before (<) 6.0.0
cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Threat Intelligence Exchange Server
Versions from including (>=) 2.0.0 and before (<) 3.0.0
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.3
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapdrive » Version: N/A For Unix
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
Matching versions
Netapp » Snapdrive » Version: N/A For Windows
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
Matching versions
Netapp » Oncommand Unified Manager Core Package » Version: N/A
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
Matching versions
Netapp » Altavault » Version: N/A
cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hyper Converged Infrastructure » Version: N/A
cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » Version: N/A
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » Version: N/A For Vsphere
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*
Matching versions
Netapp » Element Software » Version: N/A
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Matching versions
Netapp » Ontap Select Deploy » Version: N/A
cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions
Netapp » Ontap Select Deploy Administration Utility » Version: N/A
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Matching versions
Netapp » Santricity Smi-s Provider » Version: N/A
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid
Versions from including (>=) 9.0.0 and up to, including, (<=) 9.0.4
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
Matching versions
Netapp » Storagegrid » Version: N/A
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Matching versions
Netapp » Service Processor » Version: N/A
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
Matching versions
Netapp » Cn1610 Firmware » Version: N/A
cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Cn1610 » Version: N/A
Netapp » Clustered Data Ontap Antivirus Connector » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
Matching versions
Netapp » Smi-s Provider » Version: N/A
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Compute Node » Version: N/A
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vmware Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Windows
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Matching versions
Netapp » Snapprotect » Version: N/A
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
Matching versions
Netapp » A320 Firmware » Version: N/A
cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A320 » Version: N/A
Netapp » C190 Firmware » Version: N/A
cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » C190 » Version: N/A
Netapp » A220 Firmware » Version: N/A
cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A220 » Version: N/A
Netapp » Fas2720 Firmware » Version: N/A
cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas2720 » Version: N/A
Netapp » Fas2750 Firmware » Version: N/A
cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas2750 » Version: N/A
Netapp » A800 Firmware » Version: N/A
cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A800 » Version: N/A
Nodejs » Node.js »
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.8.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Nodejs » Node.js » LTS Edition
Versions from including (>=) 8.9.0 and before (<) 8.15.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Matching versions
Nodejs » Node.js »
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.8.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Nodejs » Node.js » LTS Edition
Versions from including (>=) 6.9.0 and before (<) 6.17.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 8.1.0 and before (<) 8.1.8
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 8.0.0 and before (<) 8.0.20
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 9.0.0 and before (<) 9.0.2
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Paloaltonetworks » Pan-os
Versions from including (>=) 7.1.0 and before (<) 7.1.15
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Matching versions
Tenable » Nessus
Versions up to, including, (<=) 8.2.3
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2019-1559

Top countries where our scanners detected CVE-2019-1559

Top open port discovered on systems with this issue 22

IPs affected by CVE-2019-1559 701

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-1559!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-1559

EPSS FAQ

4.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1559

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-1559

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-1559

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/

[SECURITY] Fedora 30 Update: compat-openssl10-1.0.2o-7.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujan2020.html

Oracle Critical Patch Update Advisory - January 2020
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/

[SECURITY] Fedora 31 Update: compat-openssl10-1.0.2o-8.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20190301-0002/

NetApp Product Security
Broken Link;Third Party Advisory
https://support.f5.com/csp/article/K18549143

Third Party Advisory
https://usn.ubuntu.com/3899-1/

USN-3899-1: OpenSSL vulnerability | Ubuntu security notices
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3931

RHSA-2019:3931 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Page not found | Oracle
Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html

[security-announce] openSUSE-SU-2019:1175-1: moderate: Security update f
Mailing List;Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Oracle Critical Patch Update - July 2019
Patch;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/

[SECURITY] Fedora 29 Update: compat-openssl10-1.0.2o-7.fc29 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html

[security-announce] openSUSE-SU-2019:1173-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10282

McAfee Security Bulletin - Multiple McAfee product updates fix OpenSSL vulnerabilities (CVE-2019-1559)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2437

RHSA-2019:2437 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20190423-0002/

April 2019 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Critical Patch Update Advisory - January 2021
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Oracle Critical Patch Update - April 2019
Patch;Third Party Advisory

CVEs referencing this url
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e

git.openssl.org Git - openssl.git/commitdiff
Patch;Third Party Advisory
https://security.netapp.com/advisory/ntap-20190301-0001/

CVE-2019-1559 OpenSSL Vulnerability in NetApp Products | NetApp Product Security
Patch;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html

[security-announce] openSUSE-SU-2019:1076-1: moderate: Security update f
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.tenable.com/security/tns-2019-02

[R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®
Patch;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2304

RHSA-2019:2304 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS

Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html

[SECURITY] [DLA 1701-1] openssl security update
Mailing List;Third Party Advisory
https://www.debian.org/security/2019/dsa-4400

Debian -- Security Information -- DSA-4400-1 openssl1.0
Third Party Advisory
https://security.gentoo.org/glsa/201903-10

OpenSSL: Multiple vulnerabilities (GLSA 201903-10) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:3929

RHSA-2019:3929 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html

[security-announce] openSUSE-SU-2019:1637-1: moderate: Security update f
Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html

[security-announce] openSUSE-SU-2019:1105-1: moderate: Security update f
Mailing List;Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2471

RHSA-2019:2471 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://www.tenable.com/security/tns-2019-03

[R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability - Security Advisory | Tenable®
Third Party Advisory
https://www.openssl.org/news/secadv/20190226.txt

Vendor Advisory
http://www.securityfocus.com/bid/107174

OpenSSL CVE-2019-1559 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html

[security-announce] openSUSE-SU-2019:1432-1: moderate: Security update f
Mailing List;Third Party Advisory
https://usn.ubuntu.com/4376-2/

USN-4376-2: OpenSSL vulnerabilities | Ubuntu security notices | Ubuntu
Broken Link

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2439

RHSA-2019:2439 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url