Are DataPower appliances affected by the SSL Man-in-the-Middle attack (CVE-2009-3555)?
A recently discovered vulnerability in the renegotiation feature of the SSL and TLS protocols allows an attacker to inject an arbitrary string into the SSL session. This vulnerability is commonly referred to as the SSL Man-in-the-Middle (MITM) attack or CVE-2009-3555.
The SSL MITM attack known as CVE-2009-3555 involves an attacker injecting an arbitrary string at the beginning of an SSL data stream and using SSL client authentication credentials or HTTP header credentials from the attacked client to gain improper levels of access. The attack exploits a design flaw in the renegotiation feature of the SSL and TLS protocols. Note that it is up to the SSL server to prevent this attack (the SSL client does not have control over whether or not this attack can be mounted).
The most serious form of CVE-2009-3555 involves the attacker using the SSL client authentication credentials of the attacked client to send an HTTP request of the attacker's choice. A weaker form of CVE-2009-3555 involves the attacker splicing the HTTP header credentials (if any) of the attacked client into an HTTP request of the attacker's choice.
The DataPower appliance SSL server implementation is not vulnerable to either form of this attack when SSL client authentication is used because its implementation requires the client authentication to be performed immediately in the first SSL handshake (unlike vulnerable SSL server implementations that only require the client authentication in a second renegotiation handshake after seeing the request URL).
The DataPower appliance SSL server implementation is vulnerable to the weaker form of this attack when SSL client authentication is not used. Note, however, that the weaker form of this attack is quite limited, since it can only steal HTTP headers from the initial HTTP request of the attacked client. Most HTTP clients do not send authentication credentials in the initial HTTP request headers; they wait until they see certain HTTP status codes from the HTTP server before sending any authentication credentials. HTTP clients like these would not be vulnerable to the weaker form of the CVE-2009-3555 attack.
To confirm whether the DataPower appliance is configured to use SSL client authentication, look at the reverse (server-side) Crypto Profile of the SSL Proxy Profile in question. If it contains a reference to a Validation Credentials object, then SSL client authentication is in use. Otherwise, it is not.
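The check described above can be scripted across every SSL Proxy Profile in a configuration export. The following is an added example, not IBM code: the element names (`SSLProxyProfile`, `ReverseCryptoProfile`, `CryptoProfile`, `ValCredential`) are assumptions about the export layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real appliance. The element names are
# assumptions about the configuration export layout; adjust to your export.
SAMPLE_EXPORT = """\
<datapower-configuration>
  <configuration domain="default">
    <CryptoProfile name="mutual-auth">
      <IdentCredential>server-id</IdentCredential>
      <ValCredential>trusted-clients</ValCredential>
    </CryptoProfile>
    <CryptoProfile name="server-only">
      <IdentCredential>server-id</IdentCredential>
      <ValCredential/>
    </CryptoProfile>
    <SSLProxyProfile name="partner-api">
      <ReverseCryptoProfile>mutual-auth</ReverseCryptoProfile>
    </SSLProxyProfile>
    <SSLProxyProfile name="public-web">
      <ReverseCryptoProfile>server-only</ReverseCryptoProfile>
    </SSLProxyProfile>
    <SSLProxyProfile name="outbound-only">
      <ForwardCryptoProfile>server-only</ForwardCryptoProfile>
    </SSLProxyProfile>
  </configuration>
</datapower-configuration>
"""

def audit_client_auth(export_xml):
    """Map each SSL Proxy Profile that has a reverse (server-side) Crypto
    Profile to True if that profile references Validation Credentials."""
    root = ET.fromstring(export_xml)
    # Crypto Profile name -> Validation Credentials reference ('' if none)
    valcred = {
        cp.get("name"): (cp.findtext("ValCredential") or "").strip()
        for cp in root.iter("CryptoProfile")
    }
    results = {}
    for proxy in root.iter("SSLProxyProfile"):
        reverse = (proxy.findtext("ReverseCryptoProfile") or "").strip()
        if not reverse:
            continue  # forward-only profile: no SSL server side to check
        # A dangling or empty reference counts as "no client authentication".
        results[proxy.get("name")] = bool(valcred.get(reverse))
    return results

if __name__ == "__main__":
    for name, in_use in audit_client_auth(SAMPLE_EXPORT).items():
        print(f"{name}: client auth {'in use' if in_use else 'NOT in use'}")
```

Profiles reported as not using client authentication are the ones exposed to the weaker form of the attack until the fix is installed.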
The DataPower organization has resolved this problem (by disabling support for SSL and TLS renegotiation) and issued a fix. This fix is available in the following fix packs:
This fix will be documented as APAR IC64790.
Firmware levels higher than those noted above will include this fix in their base release.
Resolving the problem
Upgrade to one of the releases containing the fix. In the meantime, use SSL client authentication to prevent all forms of the attack.
| Business Integration | WebSphere DataPower XML Accelerator XA35 | Not Applicable | Firmware | 4.0.2, 4.0.1, 3.8.2 | Edition Independent |
| Business Integration | WebSphere DataPower XML Security Gateway XS40 | Not Applicable | Firmware | 4.0.2, 4.0.1, 3.8.2 | Edition Independent |
| Business Integration | WebSphere DataPower Integration Appliance XI50 | Not Applicable | Firmware | 4.0.2, 4.0.1, 3.8.2 | Edition Independent |
| Business Integration | WebSphere DataPower B2B Appliance XB60 | Not Applicable | Firmware | 4.0.2, 4.0.1, 3.8.2 | Edition Independent |
| Business Integration | WebSphere DataPower Low Latency Appliance XM70 | Not Applicable | Firmware | 3.8.2, 4.0.1, 4.0.2 | Edition Independent |
IBM DataPower Gateways
Software version: 4.0, 5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.1, 7.2
Operating system(s): Firmware
Software edition: Edition Independent
Reference #: 1410851
Modified date: 30 November 2009