SSL/TLS Vector Vulnerability

[TerrZo]

Hello, I really hope this post goes here! If not, then I'm sorry.

Well, the thing is... I run a site which, I tought was perfectly secure. Then, I decided to scan it with Nessus. The resoults were:

Description
: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. 


Description
: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

Description: 
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Description
The remote host is running Oracle Application Server. 

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/dav_portal/portal'.

Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.


Since I know how MiTM attacks work, I was wondering how it is possible to perform attacks such as those exploit/web based. I don't know how non-MiTM attacks in this report work. Can someone help me to learn how this attacks are performed?

[anarchy420x]

Hello, I really hope this post goes here! If not, then I'm sorry.

Well, the thing is... I run a site which, I tought was perfectly secure. Then, I decided to scan it with Nessus. The resoults were:

Description
: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. 


Description
: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

Description: 
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Description
The remote host is running Oracle Application Server. 

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/dav_portal/portal'.

Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.


Since I know how MiTM attacks work, I was wondering how it is possible to perform attacks such as those exploit/web based. I don't know how non-MiTM attacks in this report work. Can someone help me to learn how this attacks are performed?

I'm going to be honest, Anon; I have issues with the way this was written. You started out talking about how you thought your website was perfectly secure, but it wasn't. Then you list a series of descriptions about possible attacks and then ask how to perform said attacks.

Now Anon, don't mistake me. I do not attack your character or who you are, but I question the legitimacy of your post.
You see Anon, you didn't give us a link to your website. I understand, you don't want us trying to "hack" your website. You fear the "hackers" whom you want to help you.
You didn't ask for help on preventing the attacks, or how to fix the issues laid out for our eyes. You didn't ask any questions about the issues so you could learn for yourself how to prevent attacks. You didn't ask for any resources to try and find the information.

You Anon, simply asked how to perform an attack. Had you of worded this better, you might have gotten a better answer.

Good luck and may someone else be kinder than I.

[LoGiCaL__]

Hello, I really hope this post goes here! If not, then I'm sorry.

Description
: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. 


http://www.sophos.com/en-us/support/knowledgebase/116636.aspx

Description
: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

http://wirespeed.xs4all.nl/mediawiki/index.php/The_remote_webserver_supports_the_TRACE_and/or_TRACK_methods

Description: 
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

http://shalb.com/kb/entry/31705/

Description
The remote host is running Oracle Application Server. 

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the portal/portal'/directory '/dav_

http://shalb.com/kb/entry/32479/

Description
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555

While I tend to agree with anarchy420x here, I provided some links with some information. Hopefully you will be able to find what you are looking for.

[TerrZo]

Hello, as you said I'm trying not to post my website to prevent some things. First, I'm really new to these forums and I starting to trust this community. Second, I have some buddys at work; as I said, I run the site it is not mine and I'm afraid they could think wrong if they see this kind of post. Maybe is something "I must know" as the web runner.
I might not been clear, of course I want information or any resource so I can lear as much as I can. I think I've solved the issues as Nessus said, Nessus puts some links below to "prevent these attacks" and I followed those steps.That's why I did'nt came here to ask how to solve theme since I think they are already solved.

Thanks for your answer anyways! I know, I should've been more clear.

Thanks for your answer too LoGiCaL__, I will follow those links.

[anarchy420x]

You know Logical, It's really hard to help people because of the way they post things. I think that the Disclaimer should be put in a place that stands out more. I honestly didn't see it myself until it was pointed out in a thread I was reading.

Maybe make it a pop up for the first 2 or 3 posts to make sure the message gets across.