[Bug 1056758] [NEW] Data over Port 443 not encrypted
Phoenix
1056758 at bugs.launchpad.net
Wed Sep 26 10:18:39 UTC 2012
*** This bug is a security vulnerability ***
Private security bug reported:
This is the PHP Script on the server:
<?php
// Report whether this request arrived over TLS: mod_ssl sets $_SERVER['HTTPS'] for SSL vhosts
if (isset($_SERVER['HTTPS']))
{
    echo "SECURE: This page is being accessed through a secure connection.<br><br>";
}
else
{
    echo "UNSECURE: This page is being access through an unsecure connection.<br><br>";
}
?>
This is what happens if a regular browser accesses the page:
--(pmorger at laptop-pmorger)-(0.54)-(13)-(pts/6)-(12:04:05/Wed Sep 26)--
--($:~)-- lynx --dump https://www.dominion.ch/ssl.php
SECURE: This page is being accessed through a secure connection.
This happens if I telnet to the port:
--(pmorger at laptop-pmorger)-(0.50)-(14)-(pts/6)-(12:04:09/Wed Sep 26)--
--($:~)-- telnet www.dominion.ch 443
Trying 212.25.4.26...
Connected to sanity.dominion.ch.
Escape character is '^]'.
GET /
GET /ssl.php
UNSECURE: This page is being access through an unsecure connection.<br><br>Connection closed by foreign host.
The initial GET is not answered, BUT THE SECOND is and it IS CLEARTEXT. Verified with tcpdump.
This is very disturbing.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: apache2 2.2.22-1ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
Uname: Linux 3.2.0-30-generic x86_64
Apache2ConfdDirListing: ['charset', 'modsecurity2.conf', 'other-vhosts-access-log', 'phpmyadmin.conf', 'security', 'localized-error-pages']
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
Date: Wed Sep 26 10:12:43 2012
ProcEnviron:
LC_CTYPE=en_US.UTF-8
TERM=screen
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: apache2
UpgradeStatus: Upgraded to precise on 2012-08-31 (25 days ago)
modified.conffile..etc.apache2.ports.conf: [modified]
mtime.conffile..etc.apache2.ports.conf: 2011-10-10T16:42:13.940099
** Affects: apache2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug precise
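As an added defender-side check (not part of this bug report): a Python probe that sends an unencrypted HTTP request to a TLS port and classifies the reply, distinguishing a TLS alert or Apache's 400 rejection from content served in cleartext as in the telnet session above. The host, port and path are assumed arguments; the sample replies in the comments are constructed.

```python
import socket

# Added example, not from the bug report: audit whether a listener on a TLS
# port answers plain HTTP. Target host/port/path are assumptions.


def classify_plaintext_response(data: bytes) -> str:
    """Classify what a TLS port sent back to a plaintext HTTP request.

    'tls-alert' - reply is a TLS record (alert 0x15 / handshake 0x16), so the
                  port speaks TLS and did not serve the request
    'rejected'  - an HTTP 4xx/5xx, e.g. Apache's 400 for plain HTTP on an
                  SSL-enabled port, with no application content served
    'cleartext' - an HTTP 2xx/3xx, or an HTTP/0.9 raw body like the telnet
                  session shows: content served without encryption
    'silent'    - nothing came back before the peer closed or timed out
    """
    if not data:
        return 'silent'
    if data[0] in (0x15, 0x16) and len(data) >= 3 and data[1] == 0x03:
        return 'tls-alert'
    status_line = data.split(b'\r\n', 1)[0]
    if status_line.startswith(b'HTTP/'):
        parts = status_line.split()
        code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
        return 'cleartext' if 200 <= code < 400 else 'rejected'
    # No status line at all: an HTTP/0.9-style body, i.e. served in the clear
    return 'cleartext'


def probe_plaintext(host: str, port: int = 443, path: str = '/',
                    timeout: float = 5.0) -> str:
    """Send an unencrypted HTTP/1.0 GET to host:port and classify the reply."""
    request = (f'GET {path} HTTP/1.0\r\nHost: {host}\r\n'
               f'Connection: close\r\n\r\n').encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while chunk := sock.recv(4096):
                chunks.append(chunk)
        except socket.timeout:
            pass  # partial reply is still enough to classify
    return classify_plaintext_response(b''.join(chunks))


if __name__ == '__main__':
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else 'localhost'  # assumed default
    print(f'{target}:443 ->', probe_plaintext(target, 443, '/ssl.php'))
```

A correctly configured SSL vhost yields 'tls-alert' or 'rejected'; 'cleartext' reproduces the condition reported here and should be treated as a misconfiguration to fix.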
--
https://bugs.launchpad.net/bugs/1056758
Title:
Data over Port 443 not encrypted