IBM Support

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM HTTP Server and Caching Proxy (CVE-2015-2808)


Summary

The RC4 "Bar Mitzvah" attack on SSL/TLS may affect some configurations of the IBM HTTP Server and some configurations of the IBM Caching Proxy for WebSphere Application Server.

Vulnerability Details

CVEID: CVE-2015-2808
DESCRIPTION:
The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as "Bar Mitzvah Attack".
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

The following versions of IBM HTTP Server (IHS) and IBM Caching Proxy for WebSphere Application Server may be affected:

  • Version 8.5.5
  • Version 8.5
  • Version 8.0
  • Version 7.0
  • Version 6.1

Remediation/Fixes

For affected IBM HTTP Server for WebSphere Application Server:
The recommended solution is to apply the interim fix, Fix Pack or PTF containing APAR PI34229 for each named product as soon as practical. APAR PI34229 removes the RC4 ciphers from the default list that is used if you do not specify any ciphers.
NOTE: If you specify any ciphers, you will also need to perform some of the steps in the mitigation section.


For V8.5.0.0 through 8.5.5.5 Full Profile:

· Upgrade to a minimum of Fix Pack 8.5.5.2 or later and then apply Interim Fix PI34229

--OR--
· Apply Fix Pack 8.5.5.6 or later.


For V8.0 through 8.0.0.10:

· Upgrade to a minimum of Fix Pack 8.0.0.9 or later and then apply Interim Fix PI34229

--OR--
· Apply Fix Pack 8.0.0.11 or later.


For V7.0.0.0 through 7.0.0.37:

· Upgrade to a minimum of Fix Pack 7.0.0.33 or later and then apply Interim Fix PI34229

--OR--
· Apply Fix Pack 7.0.0.39 or later.




You should verify that applying this fix does not cause any compatibility issues. The fix disables the RC4 stream cipher by default. If you change this setting you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions.

For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.

Workarounds and Mitigations

For affected IBM HTTP Server for WebSphere Application Server:

IBM recommends disabling RC4 in IBM HTTP Server. To disable RC4, complete the steps below:



For Version 8.0 and later:
  • A simple way to mitigate this issue is to turn on FIPS140-2 support, which will both disable RC4 by default and remove any RC4 ciphers added inadvertently. To enable FIPS140-2, add 'SSLFIPSEnable' to each configuration stanza with 'SSLEnable'.

    Note: On z/OS, SSLFIPSEnable is only available in 8.5.5.0 and later and is set once globally instead of per-virtual host.
  • If you cannot enable FIPS140-2 support or if you run into a complication, you must complete all of the following to disable RC4:

      1. To remove RC4 from the defaults, add the following directive to the end of each configuration stanza with 'SSLEnable' (VirtualHost, or the bottom of httpd.conf if SSLEnable is set globally). This step is not needed if you installed the interim fix.

        SSLCipherSpec ALL -SSL_RSA_WITH_RC4_128_SHA -SSL_RSA_WITH_RC4_128_MD5
      2. Remove any 'SSLCipherSpec' explicitly enabling RC4 as illustrated below:

        # All of these must be removed to disable RC4
        SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
        SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
        SSLCipherSpec 34
        SSLCipherSpec 35
      3. Review the current configuration for SSL ciphers configured via SSLCipherSpec directives with at least two arguments each that add an RC4-based cipher.

        Search for either "RC4" or the numbers "34" and "35" within SSLCipherSpec directives and remove the corresponding ciphers.

          For example, if a configuration contains:

              SSLCipherSpec TLSv1 +SSL_RSA_WITH_RC4_128_SHA +TLS_RSA_WITH_AES_128_CBC_SHA

          remove the RC4 cipher, changing the directive to:

              SSLCipherSpec TLSv1 +TLS_RSA_WITH_AES_128_CBC_SHA

          Do this for all the 'SSLCipherSpec' directives.

For Versions 6.0, 6.1, or 7.0:
  • One way to mitigate this issue is to turn on FIPS140-2 support, which will both disable RC4 by default and result in a startup error if RC4 is inadvertently enabled.
      • For each existing 'SSLEnable' in your IHS configuration, add 'SSLFIPSEnable'.

  • If you do not wish to enable FIPS140-2 support or if you run into a complication, you may do all of the following, whichever applies to your configuration:

      1. If any of the following 'SSLCipherSpec' directives are contained in the configuration, remove them and make sure at least 1 other SSLCipherSpec specifies a SSLv3/TLSv1 cipher. See the following step for an example of strong non-RC4 ciphers.

        SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
        SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
        SSLCipherSpec 34
        SSLCipherSpec 35
      2. If 'SSLEnable' is configured, but no 'SSLCipherSpec' is specified, explicitly select strong ciphers (excluding RC4) with the following recommended ciphers. This step is not needed if you installed the interim fix.

        SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
        SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
        SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
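
An added example (not IBM's code) that automates the IBM HTTP Server review steps above for Version 8.0 and later: it flags every SSLCipherSpec that enables RC4 by name or by the short codes 34/35, and lists SSLEnable stanzas that have neither SSLFIPSEnable nor both RC4 removals. The function names, the sample configuration, and the reading of '+' or bare arguments as enabling and '-' as removing are assumptions; SSLFIPSEnable is treated as per-stanza, so the global z/OS setting is not modelled.

```python
import re

RC4_CODES = {"34", "35"}  # short names of the two RC4 suites listed in the bulletin

def is_rc4(name):
    return "RC4" in name.upper() or name in RC4_CODES

def audit(conf_text):
    """Return (explicit, needs_step1) for IHS configuration text.
    explicit: (line_no, directive) for each SSLCipherSpec that turns RC4 on.
    needs_step1: SSLEnable stanzas with no SSLFIPSEnable and no RC4 removal pair."""
    explicit, stanzas, scope = [], {}, "global"
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = re.match(r"<(/?)VirtualHost\s*([^>]*)>", line, re.I)
        if m:  # entering or leaving a VirtualHost stanza
            scope = "global" if m.group(1) else m.group(2).strip()
            continue
        directive, *args = line.split()
        directive = directive.lower()  # directive names are case-insensitive
        st = stanzas.setdefault(scope, {"sslenable": False, "sslfipsenable": False, "removed": set()})
        if directive in ("sslenable", "sslfipsenable"):
            st[directive] = True
        elif directive == "sslcipherspec":
            # Assumption: "-NAME" removes a cipher; "+NAME" or a bare NAME enables it
            st["removed"] |= {a[1:] for a in args if a.startswith("-") and is_rc4(a[1:])}
            if any(is_rc4(a.lstrip("+")) for a in args if not a.startswith("-")):
                explicit.append((no, line))
    needs_step1 = [name for name, st in stanzas.items()
                   if st["sslenable"] and not st["sslfipsenable"] and len(st["removed"]) < 2]
    return explicit, needs_step1

# Constructed sample configuration (not taken from a real server)
SAMPLE = """\
<VirtualHost *:443>
  SSLEnable
  SSLCipherSpec TLSv1 +SSL_RSA_WITH_RC4_128_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
<VirtualHost *:8443>
  SSLEnable
  SSLCipherSpec 35
  SSLCipherSpec ALL -SSL_RSA_WITH_RC4_128_SHA -SSL_RSA_WITH_RC4_128_MD5
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A stanza reported in the second list still depends on the default cipher list, so it needs either the interim fix or the removal directive from step 1.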

For affected IBM Caching Proxy for WebSphere Application Server:

IBM recommends disabling RC4 in IBM Caching Proxy. To disable RC4, complete the steps below:

For Version 8.5.5.5 and later:
  • A simple way to mitigate this issue is to turn on FIPS140-2 support, which will both disable RC4 by default and remove any RC4 ciphers added inadvertently. To enable FIPS140-2, add the directive 'FIPSEnable on'.

  • If you cannot enable FIPS140-2 support or if you run into a complication, you must complete all of the following to disable RC4:

      1. In the TLSV11Cipherspecs directive, remove any references to the following ciphers:

        # All of these must be removed to disable RC4
        TLS_RSA_WITH_RC4_128_SHA(05)
        TLS_RSA_WITH_RC4_128_MD5(04)
      2. In the V3Cipherspecs directive, remove any references to the following ciphers:

        # All of these must be removed to disable RC4
        TLS_RSA_WITH_RC4_128_SHA(05)
        TLS_RSA_WITH_RC4_128_MD5(04)
        TLS_RSA_EXPORT_WITH_RC4_40_MD5(03)
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(64)
      3. In the V2Cipherspecs directive, remove any references to the following ciphers:

        1-RC4 US
        2-RC4 Export



For Versions 8.5.5.4 and earlier:
  • A simple way to mitigate this issue is to turn on FIPS140-2 support, which will both disable RC4 by default and remove any RC4 ciphers added inadvertently. To enable FIPS140-2, add the directive 'FIPSEnable on'.

  • If you cannot enable FIPS140-2 support or if you run into a complication, you must complete all of the following to disable RC4:

      1. In the V3Cipherspecs directive, remove any references to the following ciphers:

        # All of these must be removed to disable RC4
        TLS_RSA_WITH_RC4_128_SHA(05)
        TLS_RSA_WITH_RC4_128_MD5(04)
        TLS_RSA_EXPORT_WITH_RC4_40_MD5(03)
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA(64)
      2. In the V2Cipherspecs directive, remove any references to the following ciphers:

        1-RC4 US

Change History

09 April 2015: original document
04 May 2015: added Caching Proxy

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Information

Modified date: 15 June 2018

UID: swg21701072