Skip to main content

Security Vulnerability for Webcache -- SSL Weak Cipher Suites Supported

SSL Vulnerability with Webcache with SSL Weak Cipher

Following is one of the reports from Nessus.

SSL Weak Cipher Suites Supported

The remote service supports the use of weak SSL ciphers.

The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. Note: This is considerably easier to exploit if the attacker is on the same physical network.

Risk factor:

CVSS Base Score:4.3

See also:

Reconfigure the affected application if possible to avoid use of weak ciphers.

This is usually reported from your security scanner.
It does not matter if you have a strong encryption with 128 bit, it all depends on your SSL Cipher version supported. In security it is said that with a weak SSL cipher version server is still vulnerable to attacks.

There are 3 types of SSL Version,

SSL 2.0, 3.0 and 3.1 or TLS. TLS stands for Transport Layer Security. SSL 2.0 which is the oldest version supported is considered as weak and needs to be disabled.

To get rid of the error first check if your SSL port,

Go to your webcahe home and opmn.

$ORACLE_HOME/opmn/bin/opmnctl status -l

ias-component      | process-type       |     pid | status   |        uid |  memused |    uptime | ports
HTTP_Server        | HTTP_Server        |  933924 | Alive    |  327877050 |     9056 |  00:40:56 | http1:7778,http2:7200
LogLoader          | logloaderd         |     N/A | Down     |        N/A |      N/A |       N/A | N/A
dcm-daemon         | dcm-daemon         |     N/A | Down     |        N/A |      N/A |       N/A | N/A
OC4J               | home               | 1941518 | Alive    |  327877051 |    42648 |  00:40:58 | ajp:12508,rmi:12408,jms:12608
WebCache           | WebCache           | 3408104 | Alive    |  327877052 |   700644 |  00:40:58 | http:7777,invalidation:9401,statistics:9402,https:443,http_1:80
WebCache           | WebCacheAdmin      | 1200336 | Alive    |  327877053 |    18860 |  00:40:58 | administration:9400
DSA                | DSA                |     N/A | Down     |        N/A |      N/A |       N/A | N/A

In my case my https port is 443.

Now use the following command and check if SSLv2 is used.

openssl s_client -ssl2 -connect localhost:443

This gets connected with SSL version v2, it means that SSL 2.0 is enabled and the server is vulnerable to attacks.

To disable SSL 2.0,

Open webcache.xml under $ORACLE_HOME/webcache.

Modify the line below,




Here I have modified SSLENABLED="SSLV3_V2H" to SSLENABLED="SSLV3"

Once the file is modified restart your webcache component.

opmnctl restartproc process-type=WebCache

Now test if SSL 2.0 has been disabled with the same command,

openssl s_client -ssl2 -connect localhost:443
1576972:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

This has wored and you see an handshake failure on port 443.


Guest said…
Hey, nice site you have here! Keep up the excellent work!

ISTQB Training Institute in Chennai
Hello! Nice post! Is this possible to use TLS instead SSL?
sathyaramesh said…
All are saying the same thing repeatedly, but in your blog I had a chance to get some useful and unique information, I love your writing style very much, I would like to suggest your blog in my dude circle, so keep on updates.
Software Testing Training in Chennai
Software Testing Course in Chennai
Hadoop Training in Chennai
Python Training in Chennai
Software Testing Training in Porur
Software Testing Training in Adyar
Software Testing Training in Tnagar

Popular posts from this blog

SQL Interview Questions on Subqueries

SUB Queries:
1. List the employees working in research department 2. List employees who are located in New York and Chicago
3. Display the department name in which ANALYSTS are working
4. Display employees who are reporting to JONES
5. Display all the employees who are reporting to Jones Manager
6. Display all the managers in SALES and ACCOUNTING department
7. Display all the employee names in Research and Sales Department who are having at least 1 person reporting to them
8. Display all employees who do not have any reportees
9. List employees who are having at least 2 reporting
10. List the department names which are having more than 5 employees
11. List department name having at-least 3 salesman
12. List employees from research and accounting having at-least 2 reporting
13. Display second max salary
14. Display 4th max salary
15. Display 5th max salary  -- Answer for nth Max Salary
Co-Related Subqueries:
16. Write a query to get 4th max salary from EMP table
17. Write a query to get 2nd…

'Linux-x86_64 Error: 28: No space left on device' While trying to start the database -- Error

SQL> startup mount pfile='/tmp/initdlfasp12.ora'
ORA-27102: out of memory
Linux-x86_64 Error: 28: No space left on device

This as you can see is on Linux x86 with 64 bit processor. We got this error after we changed SGA on 10gR2 database. So was sure that this is something to do with the OS.

Parameters to check for this are shmall.

shmall is the total amount of shared memory, in pages, that the system can use at one time.

$cat /proc/sys/kernel/shmmax

$ getconf PAGE_SIZE

As per Oracle SHMALL should be set to the total amount of physical RAM divided by page size.

Our system has 64GB memory, so change kernel.shmall = 1024 * 1024 * 1024 * 64 / 4096 = 16777216

Once this value is calculated you can modify Linux system configuration file directly.

$ su - root
vi /etc/sysctl.conf file:


# sysctl -p

Once this is done the database was started without any problem.

Answers for SQL Functions

1. SQL> SELECT empno, ename FROM emp WHERE Length(ename) = 4;

2. SQL> SELECT empno, ename, job FROM emp where Length(job)=7;

3. SQL> SELECT Length('qspiders') - Length(replace('qspiders','s','')) FROM dual;

4. SQL>  SELECT empno, ename, job FROM emp WHERE Instr(job,'MAN') >0;

5. SQL> SELECT empno, ename, job FROM emp WHERE Instr(job, 'MAN') =1;

6. SQL> SELECT empno, ename, job FROM emp WHERE (Length(ename) - Length(Replace(ename, 'L',''))) = 1;

7. SQL> SELECT * FROM dept WHERE Instr(dname,'O') > 0;

8. SQL> SELECT Concat(ename,' working as a ') || Concat(job, ' earns ') || Concat(sal, '  in ') || Conc
at('dept ',deptno) AS text from emp;


SQL> SELECT Concat(Concat(Concat(Concat(Concat(Concat(Concat(ename,' working as a '), job),' earns '), sal),'  in '),'dept '), deptno) AS text FROM emp;

9. SQL> SELECT empno, ename…