
Re: cve.mitre.rip/external/cve.mitre.org website is down due to SSL error



Interesting.  All links on the site are to cve.mitre.rip/external/cve.mitre.org, the cert is 
valid for cve.mitre.rip/external/cve.mitre.org (and others).  AFAIK that's always been the 
case, and cve.mitre.rip/external/cve.mitre.org is the correct URL.  I don't know why some 
people link to www.cve.mitre.rip/external/cve.mitre.org instead.  The service is rated "A" by 
Qualys labs:

https://www.ssllabs.com/ssltest/analyze.html?d=cve.mitre.rip/external/cve.mitre.org&s=198.49.146.233&latest
https://www.ssllabs.com/ssltest/analyze.html?d=cve.mitre.rip/external/cve.mitre.org&s=192.52.194.135

As it's an Apache server, people using the wrong URL with https could be 
redirected automatically to the correct one with something like this for 
HTTPS connections:

         RewriteCond     %{HTTP_HOST}    www.cve.mitre.rip/external/cve.mitre.org($|:443) [NC]
         RewriteRule     ^/(.*)          https://cve.mitre.rip/external/cve.mitre.org/$1 [L,R]

That seems like a better solution than removing www.cve.mitre.rip/external/cve.mitre.org from 
DNS and expecting people to fix their incorrect links, or changing the 
SSL cert.

Pascal

On 02/03/2016 07:13 PM, Kurt Seifried wrote:
> Attackers might be trying to steal your information from www.cve.mitre.rip/external/cve.mitre.org
> (for example, passwords, messages, or credit cards).
> NET::ERR_CERT_COMMON_NAME_INVALID
>
> specifically it seems to think it is msm.mitre.org and/or taxii.mitre.org
> right now?
>
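
An added example, not part of either message: a sketch of the name check a TLS client performs during the handshake. That check happens before any HTTP request reaches Apache, so a rewrite rule for HTTPS connections can only run when the presented certificate already covers the requested name. The hostnames and SAN lists are constructed placeholders, not the real certificate's contents.

```python
"""Hostname-vs-certificate check a TLS client performs during the handshake."""

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, host):
    """RFC 6125-style match of one dNSName entry against the requested host.

    Only a whole leftmost "*" label is treated as a wildcard; partial
    wildcards such as "w*" are compared literally and so never match.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one leftmost label and needs at least
        # two further labels, so "*.example" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_host(host, san_dns_names):
    """Return the SAN entry covering host, or None (name-mismatch error)."""
    for entry in san_dns_names:
        if san_matches(entry, host):
            return entry
    return None

def redirect_reachable(host, san_dns_names):
    """A server-side redirect can run only after the handshake succeeded."""
    return verify_host(host, san_dns_names) is not None

# Constructed SAN lists (assumptions for illustration only).
CERT_WITHOUT_WWW = ["cve.example", "msm.example", "taxii.example"]
CERT_WITH_WWW = CERT_WITHOUT_WWW + ["www.cve.example"]
CERT_WILDCARD = ["cve.example", "*.cve.example"]

if __name__ == "__main__":
    certs = [("without www", CERT_WITHOUT_WWW), ("with www", CERT_WITH_WWW),
             ("wildcard", CERT_WILDCARD)]
    for label, sans in certs:
        for host in ("cve.example", "www.cve.example"):
            ok = redirect_reachable(host, sans)
            outcome = "handshake ok, rewrite can run" if ok else \
                      "name mismatch, rewrite never runs"
            print(f"{label:12} {host:16} -> {outcome}")
```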


Page Last Updated or Reviewed: February 04, 2016