CVE-2014-3577
Loss of Confidentiality vulnerability in httpclient (Maven)
What is CVE-2014-3577 About?
The golang AWS S3 Crypto SDK (V1 prior to 1.34.0) is vulnerable to loss of confidentiality and message forgery due to unauthenticated algorithm parameters for the data encryption key. This allows an attacker with write access to the bucket to switch encryption algorithms and, combined with a decryption oracle, reconstruct plaintext. Exploitation is complex, requiring specific access and the ability to detect decryption failures.
Affected Software
Technical Details
The vulnerability stems from the golang AWS S3 Crypto SDK (V1 prior to 1.34.0) not authenticating the algorithm parameters for the data encryption key. An attacker with write access to the S3 bucket can modify an object's metadata to change its declared encryption algorithm, for instance from AES-GCM to AES-CBC. If an endpoint that reveals decryption failures (a decryption oracle) is reachable, the attacker can then mount a padding oracle attack. The proof of concept demonstrates crafting forged ciphertexts (using specific IV manipulations) to guess plaintext blocks; by observing which forgeries produce valid PKCS5 padding at the decryption oracle, the attacker progressively reconstructs the original plaintext. The attack relies on the difference in decryption mechanisms between AES-GCM (whose keystream is generated in CTR mode) and AES-CBC with PKCS5 padding: a crafted IV and ciphertext block, decrypted under the wrong mode, turn the padding validity check into a test of a plaintext guess.
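The mitigation is to authenticate the algorithm parameters together with the ciphertext, so edited metadata fails verification instead of steering decryption into a different mode. The following Go envelope is an added example and not the SDK's own code; the field names, the AAD layout and the "cek"/"wrap" tags are constructed for this illustration.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// Envelope stands in for the per-object metadata stored beside the S3 ciphertext
// (field names are constructed for this example, not the SDK's own).
type Envelope struct {
	CEKAlg     string // content cipher tag, e.g. "AES/GCM/NoPadding"
	WrapAlg    string // key-wrapping tag, e.g. "kms"
	IV         []byte
	Ciphertext []byte // AES-GCM output with the 16-byte tag appended
}
// aad is the metadata the GCM tag must cover. Binding every algorithm parameter
// makes an edit to the metadata fail authentication rather than change the mode.
func aad(env Envelope) []byte { return []byte("cek=" + env.CEKAlg + ";wrap=" + env.WrapAlg) }
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts with AES-GCM and authenticates the algorithm parameters.
func Seal(key, plaintext []byte) (Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	env := Envelope{CEKAlg: "AES/GCM/NoPadding", WrapAlg: "kms", IV: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(env.IV); err != nil {
		return Envelope{}, err
	}
	env.Ciphertext = gcm.Seal(nil, env.IV, plaintext, aad(env))
	return env, nil
}
// Open refuses an unexpected content cipher tag outright; the GCM tag then
// rejects any other edited parameter before any plaintext is released.
func Open(key []byte, env Envelope) ([]byte, error) {
	if env.CEKAlg != "AES/GCM/NoPadding" {
		return nil, errors.New("unexpected content cipher: " + env.CEKAlg)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.IV, env.Ciphertext, aad(env))
}
```

Open never dispatches on the metadata's algorithm tag before it has been verified, which is the property the vulnerable SDK version lacked.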
What is the Impact of CVE-2014-3577?
Successful exploitation may allow attackers to achieve loss of confidentiality through plaintext recovery, bypass KMS controls for stored data, or perform message forgery.
What is the Exploitability of CVE-2014-3577?
Exploitation of this vulnerability is highly complex and requires multiple conditions. The attacker must have write access to the S3 bucket containing the encrypted objects. Additionally, the attacker needs access to a 'decryption oracle' endpoint that reveals decryption failures without exposing the plaintext itself, and the original encryption must have used the GCM content cipher option. This is a remote exploitation scenario, attacking the integrity of encrypted data. There are no direct authentication requirements beyond the initial write access to the S3 bucket. Special conditions include the specific encryption algorithms used and the presence of the decryption oracle. Risk factors are significantly increased in environments where attackers can gain write access to S3 buckets containing sensitive encrypted data, especially if internal services provide decryption oracle functionality.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2014-3577?
Available Upgrade Options
- org.apache.httpcomponents:httpclient
  - <4.3.5 → Upgrade to 4.3.5
Additional Resources
- https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
- https://osv.dev/vulnerability/GHSA-cfh5-3ghh-wfjx
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-1177.html
- http://rhn.redhat.com/errata/RHSA-2014-1834.html
- http://rhn.redhat.com/errata/RHSA-2015-0125.html
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
What are Similar Vulnerabilities to CVE-2014-3577?
Similar Vulnerabilities: CVE-2016-5690, CVE-2019-1551, CVE-2019-1550, CVE-2013-0169, CVE-2014-3571
