Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-3569
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "71934", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71934" }, { "name": "HPSBOV03318", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "openSUSE-SU-2015:0130", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "1033378", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033378" }, { "name": "HPSBHF03289", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "MDVSA-2015:019", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b" }, { "name": "HPSBUX03244", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102" }, { "name": "SUSE-SU-2015:0946", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "name": "HPSBMU03397", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "HPSBMU03396", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "name": "HPSBUX03162", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "name": "MDVSA-2015:062", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX216642" }, { "name": "HPSBMU03413", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "name": "SSRT101885", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "name": "DSA-3125", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3125" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-14T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "71934", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71934" }, { "name": "HPSBOV03318", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "openSUSE-SU-2015:0130", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "1033378", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033378" }, { "name": "HPSBHF03289", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "MDVSA-2015:019", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b" }, { "name": "HPSBUX03244", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102" }, { "name": "SUSE-SU-2015:0946", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "name": "HPSBMU03397", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "HPSBMU03396", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "name": "HPSBUX03162", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "name": "MDVSA-2015:062", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX216642" }, { "name": "HPSBMU03413", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "name": "SSRT101885", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "name": "DSA-3125", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3125" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "71934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71934" }, { "name": "HPSBOV03318", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "openSUSE-SU-2015:0130", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html", "refsource": "CONFIRM", "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2014-3569", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "HPSBMU03380", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "1033378", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033378" }, { "name": "HPSBHF03289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "https://www.openssl.org/news/secadv_20150108.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "MDVSA-2015:019", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b" }, { "name": "HPSBUX03244", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102" }, { "name": "SUSE-SU-2015:0946", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "name": "HPSBMU03397", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "HPSBMU03396", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "name": "HPSBUX03162", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "name": "MDVSA-2015:062", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642" }, { "name": "HPSBMU03413", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "name": "SSRT101885", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest", "refsource": "CONFIRM", "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "name": "https://bto.bluecoat.com/security-advisory/sa88", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "name": "DSA-3125", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3125" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3569", "datePublished": "2014-12-24T11:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2014-3569\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-12-24T11:59:00.057\",\"lastModified\":\"2024-11-21T02:08:24.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ssl23_get_client_hello en s23_srvr.c en OpenSSL 0.9.8zc, 1.0.0o y 1.0.1j no maneja adecuadamente los intentos de utilizar protocolos no soportados, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de demonio) a trav\u00e9s de un apret\u00f3n de manos no esperado, seg\u00fan lo demostrado por un apret\u00f3n de manos SSLv3 a una aplicaci\u00f3n no-ssl3 con ciertos manejos de errores. NOTA: este problema se volvi\u00f3 relevante despu\u00e9s de la correcci\u00f3n de CVE-2014-3568.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3703E445-17C0-4C85-A496-A35641C0C8DB\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3125\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/71934\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1033378\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa88\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2014-3569\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT204659\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.citrix.com/article/CTX216642\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.openssl.org/news/secadv_20150108.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/71934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa88\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2014-3569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.citrix.com/article/CTX216642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv_20150108.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/476.html\\\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e\"}}" } }
gsd-2014-3569
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2014-3569", "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.", "id": "GSD-2014-3569", "references": [ "https://www.suse.com/security/cve/CVE-2014-3569.html", "https://www.debian.org/security/2015/dsa-3125", "https://advisories.mageia.org/CVE-2014-3569.html", "https://alas.aws.amazon.com/cve/html/CVE-2014-3569.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2014-3569" ], "details": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.", "id": "GSD-2014-3569", "modified": "2023-12-13T01:22:53.101328Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "71934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71934" }, { "name": "HPSBOV03318", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "openSUSE-SU-2015:0130", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html", "refsource": "CONFIRM", "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2014-3569", "refsource": "CONFIRM", "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "HPSBMU03380", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "1033378", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033378" }, { "name": "HPSBHF03289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "https://www.openssl.org/news/secadv_20150108.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "MDVSA-2015:019", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b" }, { "name": "HPSBUX03244", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102" }, { "name": "SUSE-SU-2015:0946", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "name": "HPSBMU03397", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "HPSBMU03396", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "name": "HPSBUX03162", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "name": "MDVSA-2015:062", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642" }, { "name": "HPSBMU03413", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "name": "SSRT101885", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest", "refsource": "CONFIRM", "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "name": "https://bto.bluecoat.com/security-advisory/sa88", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "name": "DSA-3125", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3125" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3569" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5", "refsource": "CONFIRM", "tags": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "name": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest", "refsource": "CONFIRM", "tags": [], "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d", "refsource": "CONFIRM", "tags": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html", "refsource": "CONFIRM", "tags": [], "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b", "refsource": "CONFIRM", "tags": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2014-3569", "refsource": "CONFIRM", "tags": [], "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "name": "https://www.openssl.org/news/secadv_20150108.txt", "refsource": "CONFIRM", "tags": [], "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "name": "MDVSA-2015:019", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" }, { "name": "71934", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/71934" }, { "name": "DSA-3125", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2015/dsa-3125" }, { "name": "SSRT101885", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "name": "openSUSE-SU-2015:0130", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "refsource": "CISCO", "tags": [], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "name": "HPSBHF03289", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "name": "MDVSA-2015:062", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "tags": [], "url": "https://support.apple.com/HT204659" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "name": "SUSE-SU-2015:0946", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "name": "HPSBMU03397", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "name": "HPSBMU03413", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "name": "HPSBMU03380", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "HPSBMU03409", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "name": "HPSBOV03318", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "name": "HPSBMU03396", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "name": "HPSBUX03162", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "https://bto.bluecoat.com/security-advisory/sa88", "refsource": "CONFIRM", "tags": [], "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679" }, { "name": "1033378", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1033378" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108", "refsource": "CONFIRM", "tags": [], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102", "refsource": "CONFIRM", "tags": [], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "tags": [], "url": "https://support.citrix.com/article/CTX216642" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2017-11-15T02:29Z", "publishedDate": "2014-12-24T11:59Z" } } }
var-201412-0519
Vulnerability from variot
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2014-3570]
III. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- .
References:
CVE-2015-0235 (SSRT101953) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ThinPro Linux (x86) v5.1 HP ThinPro Linux (x86) v5.0 HP ThinPro Linux (x86) v4.4 HP ThinPro Linux (x86) v4.3 HP ThinPro Linux (x86) v4.2 HP ThinPro Linux (x86) v4.1 HP ThinPro Linux (ARM) v4.4 HP ThinPro Linux (ARM) v4.3 HP ThinPro Linux (ARM) v4.2 HP ThinPro Linux (ARM) v4.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve the vulnerability for HP ThinPro Linux.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. OpenSSL Security Advisory [08 Jan 2015] =======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04556853
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04556853 Version: 1
HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-25 Last Updated: 2015-02-25
Potential Security Impact: Remote Denial of Service (DoS) and other vulnerabilites
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08ze.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 25 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0519", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "1.0.1j" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "bladecenter advanced management module 3.66k", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0o" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "integrated lights out manager", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(sun system firmware) 8.7.2.b" }, { "model": "integrated lights out manager", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(sun system firmware) 9.4.2e" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.1" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.2" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.3" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.4" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.1" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.2" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.3" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.4" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.1" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "app for netapp data ontap", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.10" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "app for stream", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "openflow agent", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 12.3r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.2" }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize 6.4storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3500v3700" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cognos controller if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.3" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.7" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 0.9.8zd", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "ctpview 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "cognos controller interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "bladecenter t advanced management module 32r0835", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mint", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "ctpos 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "cognos controller if3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "cognos controller fp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35001.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "app for vmware", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "junos os 12.3x48-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "ctpos 6.6r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cloud", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71934" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "CNNVD", "id": "CNNVD-201411-496" }, { "db": "NVD", "id": "CVE-2014-3569" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:openssl:openssl", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:mysql", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:communications_core_session_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:fusion_middleware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:thinpro_linux", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007389" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 0.6 }, "cve": "CVE-2014-3569", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2014-3569", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-3569", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-3569", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201411-496", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3569", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3569" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "CNNVD", "id": "CNNVD-201411-496" }, { "db": "NVD", "id": "CVE-2014-3569" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:01.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-01-14\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2014-3570]\n\nIII. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150108.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.1 (FreeBSD)\n\niQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB\nQCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q\nU7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL\nJSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR\n4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY\nfIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3\nDJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa\nxOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq\naQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0\nsJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp\ni5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J\n6FLFZ38YkLcUIzW6I6Kc\n=ztFk\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2015-0235 (SSRT101953)\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP ThinPro Linux (x86) v5.1\nHP ThinPro Linux (x86) v5.0\nHP ThinPro Linux (x86) v4.4\nHP ThinPro Linux (x86) v4.3\nHP ThinPro Linux (x86) v4.2\nHP ThinPro Linux (x86) v4.1\nHP ThinPro Linux (ARM) v4.4\nHP ThinPro Linux (ARM) v4.3\nHP ThinPro Linux (ARM) v4.2\nHP ThinPro Linux (ARM) v4.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve the vulnerability\nfor HP ThinPro Linux. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. This could lead to a Denial Of Service attack. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04556853\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04556853\nVersion: 1\n\nHPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of\nService (DoS) and Other Vulnerabilites\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-02-25\nLast Updated: 2015-02-25\n\nPotential Security Impact: Remote Denial of Service (DoS) and other\nvulnerabilites\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8ze\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08ze.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 25 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2014-3569" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "BID", "id": "71934" }, { "db": "VULMON", "id": "CVE-2014-3569" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3569", "trust": 3.6 }, { "db": "JUNIPER", "id": "JSA10679", "trust": 1.4 }, { "db": "BID", "id": "71934", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91828320", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007389", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.4252", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201411-496", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3569", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133317", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129973", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129867", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130548", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130545", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3569" }, { "db": "BID", "id": "71934" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201411-496" }, { "db": "NVD", "id": "CVE-2014-3569" } ] }, "id": "VAR-201412-0519", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4209152 }, "last_update_date": "2024-11-29T22:27:49.961000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "#3571: Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled", "trust": 1.6, "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/en-us/HT204659" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT204659" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "title": "HPSBMU03397", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "title": "HPSBMU03409", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "title": "HPSBMU03413", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "title": "HPSBOV03318", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "title": "HPSBUX03162", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "title": "HPSBMU03380", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "title": "HPSBUX03244 SSRT101885", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04556853" }, { "title": "HPSBMU03396", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "title": "HPSBMU03611", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888" }, { "title": "HPSBMU03612", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "commit 392fa7a", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "title": "commit b829247", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b" }, { "title": "no-ssl3 configuration sets method to NULL (CVE-2014-3569)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "commit 6ce9687", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "CVE-2014-3569", "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "title": "CVE-2014-3569", "trust": 0.8, "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/JP/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "TLSA-2015-2", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/TLSA-2015-2j.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "ssl-s23_srvr.c", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52963" }, { "title": "Red Hat: CVE-2014-3569", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3569" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-469" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3569" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "CNNVD", "id": "CNNVD-201411-496" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "NVD", "id": "CVE-2014-3569" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71934" }, { "trust": 1.1, "url": "https://security-tracker.debian.org/tracker/cve-2014-3569" }, { "trust": 1.1, "url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3569.html" }, { "trust": 1.1, "url": "http://rt.openssl.org/ticket/display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=b82924741b4bd590da890619be671f4635e46c2b" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98974537/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91828320/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3569" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.5, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/160" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903784" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902374" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959633" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3569" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150108.txt\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightcontrol" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3569" }, { "db": "BID", "id": "71934" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201411-496" }, { "db": "NVD", "id": "CVE-2014-3569" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3569" }, { "db": "BID", "id": "71934" }, { "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201411-496" }, { "db": "NVD", "id": "CVE-2014-3569" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-24T00:00:00", "db": "VULMON", "id": "CVE-2014-3569" }, { "date": "2014-10-17T00:00:00", "db": "BID", "id": "71934" }, { "date": "2014-12-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "date": "2015-08-26T01:33:18", "db": "PACKETSTORM", "id": "133317" }, { "date": "2015-01-15T16:53:07", "db": "PACKETSTORM", "id": "129973" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2016-06-02T19:12:12", "db": "PACKETSTORM", "id": "137292" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2015-01-09T02:01:10", "db": "PACKETSTORM", "id": "129867" }, { "date": "2015-02-26T17:13:45", "db": "PACKETSTORM", "id": "130548" }, { "date": "2015-02-26T17:13:09", "db": "PACKETSTORM", "id": "130545" }, { "date": "2014-11-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-496" }, { "date": "2014-12-24T11:59:00.057000", "db": "NVD", "id": "CVE-2014-3569" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-3569" }, { "date": "2017-01-23T00:09:00", "db": "BID", "id": "71934" }, { "date": "2016-10-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007389" }, { "date": "2020-12-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-496" }, { "date": "2024-11-21T02:08:24.510000", "db": "NVD", "id": "CVE-2014-3569" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201411-496" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of s23_srvr.c of ssl23_get_client_hello Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007389" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-496" } ], "trust": 0.6 } }
wid-sec-w-2023-2068
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "MySQL ist ein Open Source Datenbankserver von Oracle.\r\nDer MySQL Enterprise Monitor \u00fcberwacht kontinuierlich MySQL Anfragen und performaz relevante Server Werte.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2068 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2015/wid-sec-w-2023-2068.json" }, { "category": "self", "summary": "WID-SEC-2023-2068 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2068" }, { "category": "external", "summary": "F5 Security Advisory K17115 vom 2023-08-16", "url": "https://my.f5.com/manage/s/article/K17115" }, { "category": "external", "summary": "Debian Security Advisory DSA-3229-1 vom 2015-04-19", "url": "https://www.debian.org/security/2015/dsa-3229" }, { "category": "external", "summary": "Ubuntu Security Notice USN-2575-1 vom 2015-04-21", "url": "http://www.ubuntu.com/usn/usn-2575-1/" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory Appendix MSQL vom 2015-04-14", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL" }, { "category": "external", "summary": "Ubuntu MariaDB 10.0.18 Release NotesNotice USN-2575-1 vom 2015-04-21 vom 2015-05-21", "url": "https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:0946-1 vom 2015-05-26", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150946-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2015:1273-1 vom 2015-07-21", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-3311 vom 2015-07-20", "url": "https://www.debian.org/security/2015/dsa-3311" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2015:1629-1 vom 2015-08-17", "url": "http://rhn.redhat.com/errata/RHSA-2015-1629.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2015:1628-1 vom 2015-08-17", "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" }, { "category": "external", "summary": "CESA-2015:1628 Moderate CentOS 5 mysql55-mysql Security Update vom 2015-08-17", "url": "http://lists.centos.org/pipermail/centos-announce/2015-August/021331.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2015:1647 vom 2015-08-20", "url": "https://rhn.redhat.com/errata/RHSA-2015-1647.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2015:1665-1 vom 2015-08-24", "url": "https://rhn.redhat.com/errata/RHSA-2015-1665.html" }, { "category": "external", "summary": "CentOS Errata and Security Advisory 2015:1665 vom 2015-08-25", "url": "http://lists.centos.org/pipermail/centos-announce/2015-August/021345.html" }, { "category": "external", "summary": "Juniper Security Advisory JSA10698", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698" }, { "category": "external", "summary": "F5 Security Advisory SOL17115 vom 2015-10-19", "url": "https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17115.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-3621 vom 2016-07-19", "url": "https://www.debian.org/security/2016/dsa-3621" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2016:2259-1 vom 2016-09-08", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162259-1.html" } ], "source_lang": "en-US", "title": "Oracle MySQL: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-08-15T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:57:07.485+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2068", "initial_release_date": "2015-04-14T22:00:00.000+00:00", "revision_history": [ { "date": "2015-04-14T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2015-04-14T22:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2015-04-19T22:00:00.000+00:00", "number": "3", "summary": "New remediations available" }, { "date": "2015-04-21T22:00:00.000+00:00", "number": "4", "summary": "New remediations available" }, { "date": "2015-04-21T22:00:00.000+00:00", "number": "5", "summary": "Version nicht vorhanden" }, { "date": "2015-05-26T22:00:00.000+00:00", "number": "6", "summary": "New remediations available" }, { "date": "2015-05-26T22:00:00.000+00:00", "number": "7", "summary": "Version nicht vorhanden" }, { "date": "2015-07-19T22:00:00.000+00:00", "number": "8", "summary": "New remediations available" }, { "date": "2015-07-19T22:00:00.000+00:00", "number": "9", "summary": "Version nicht vorhanden" }, { "date": "2015-07-21T22:00:00.000+00:00", "number": "10", "summary": "New remediations available" }, { "date": "2015-08-17T22:00:00.000+00:00", "number": "11", "summary": "New remediations available" }, { "date": "2015-08-17T22:00:00.000+00:00", "number": "12", "summary": "Version nicht vorhanden" }, { "date": "2015-08-18T22:00:00.000+00:00", "number": "13", "summary": "New remediations available" }, { "date": "2015-08-18T22:00:00.000+00:00", "number": "14", "summary": "Version nicht vorhanden" }, { "date": "2015-08-18T22:00:00.000+00:00", "number": "15", "summary": "Version nicht vorhanden" }, { "date": "2015-08-24T22:00:00.000+00:00", "number": "16", "summary": "New remediations available" }, { "date": "2015-08-24T22:00:00.000+00:00", "number": "17", "summary": "Version nicht vorhanden" }, { "date": "2015-08-25T22:00:00.000+00:00", "number": "18", "summary": "New remediations available" }, { "date": "2015-08-25T22:00:00.000+00:00", "number": "19", "summary": "Version nicht vorhanden" }, { "date": "2015-10-14T22:00:00.000+00:00", "number": "20", "summary": "New remediations available" }, { "date": "2015-10-14T22:00:00.000+00:00", "number": "21", "summary": "Version nicht vorhanden" }, { "date": "2015-10-19T22:00:00.000+00:00", "number": "22", "summary": "New remediations available" }, { "date": "2015-10-19T22:00:00.000+00:00", "number": "23", "summary": "Version nicht vorhanden" }, { "date": "2016-07-18T22:00:00.000+00:00", "number": "24", "summary": "New remediations available" }, { "date": "2016-09-07T22:00:00.000+00:00", "number": "25", "summary": "New remediations available" }, { "date": "2023-08-15T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von F5 aufgenommen" } ], "status": "final", "version": "26" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP \u003c 14.0.0", "product": { "name": "F5 BIG-IP \u003c 14.0.0", "product_id": "T023087", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip:14.0.0" } } }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Access Policy Manager 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Access Policy Manager 10.1.0 - 10.2.4", "product_id": "199182", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_access_policy_manager:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Access Policy Manager 11.0.0 - 11.6.0", "product": { "name": "F5 BIG-IP Access Policy Manager 11.0.0 - 11.6.0", "product_id": "307369", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_access_policy_manager:11.6.0" } } }, { "category": "product_name", "name": "F5 BIG-IP Access Policy Manager 12.0.0", "product": { "name": "F5 BIG-IP Access Policy Manager 12.0.0", "product_id": "T005931", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_access_policy_manager:12.0.0" } } } ], "category": "product_name", "name": "BIG-IP Access Policy Manager" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Analytics 11.0.0 - 11.6.0", "product": { "name": "F5 BIG-IP Analytics 11.0.0 - 11.6.0", "product_id": "T003683", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_analytics:11.6.0" } } }, { "category": "product_name", "name": "F5 BIG-IP Analytics 12.0.0", "product": { "name": "F5 BIG-IP Analytics 12.0.0", "product_id": "T005928", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_analytics:12.0.0" } } } ], "category": "product_name", "name": "BIG-IP Analytics" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Application Security Manager 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Application Security Manager 10.1.0 - 10.2.4", "product_id": "T000548", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_application_security_manager:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Application Security Manager 11.0.0 - 11.6.0", "product": { "name": "F5 BIG-IP Application Security Manager 11.0.0 - 11.6.0", "product_id": "T003684", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_application_security_manager:11.6.0" } } }, { "category": "product_name", "name": "F5 BIG-IP Application Security Manager 12.0.0", "product": { "name": "F5 BIG-IP Application Security Manager 12.0.0", "product_id": "T005932", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_application_security_manager:12.0.0" } } } ], "category": "product_name", "name": "BIG-IP Application Security Manager" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Edge Gateway 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Edge Gateway 10.1.0 - 10.2.4", "product_id": "241405", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_edge_gateway:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Edge Gateway 11.0.0 - 11.3.0", "product": { "name": "F5 BIG-IP Edge Gateway 11.0.0 - 11.3.0", "product_id": "269856", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_edge_gateway:11.3.0" } } } ], "category": "product_name", "name": "BIG-IP Edge Gateway" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Global Traffic Manager 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Global Traffic Manager 10.1.0 - 10.2.4", "product_id": "T000523", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_global_traffic_manager:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Global Traffic Manager 11.0.0 - 11.6.0", "product": { "name": "F5 BIG-IP Global Traffic Manager 11.0.0 - 11.6.0", "product_id": "T003686", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_global_traffic_manager:11.6.0" } } } ], "category": "product_name", "name": "BIG-IP Global Traffic Manager" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Link Controller 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Link Controller 10.1.0 - 10.2.4", "product_id": "T000541", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_link_controller:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Link Controller 11.0.0 - 11.6.0", "product": { "name": "F5 BIG-IP Link Controller 11.0.0 - 11.6.0", "product_id": "T003687", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_link_controller:11.6.0" } } }, { "category": "product_name", "name": "F5 BIG-IP Link Controller 12.0.0", "product": { "name": "F5 BIG-IP Link Controller 12.0.0", "product_id": "T005938", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_link_controller:12.0.0" } } } ], "category": "product_name", "name": "BIG-IP Link Controller" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Local Traffic Manager 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Local Traffic Manager 10.1.0 - 10.2.4", "product_id": "T003382", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_local_traffic_manager:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Local Traffic Manager 11.0.0 - 11.6.0", "product": { "name": "F5 BIG-IP Local Traffic Manager 11.0.0 - 11.6.0", "product_id": "T003681", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_local_traffic_manager:11.6.0" } } }, { "category": "product_name", "name": "F5 BIG-IP Local Traffic Manager 12.0.0", "product": { "name": "F5 BIG-IP Local Traffic Manager 12.0.0", "product_id": "T005927", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_local_traffic_manager:12.0.0" } } } ], "category": "product_name", "name": "BIG-IP Local Traffic Manager" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP Protocol Security Manager 10.1.0 - 10.2.4", "product": { "name": "F5 BIG-IP Protocol Security Manager 10.1.0 - 10.2.4", "product_id": "T001410", "product_identification_helper": { "cpe": "cpe:/a:f5:protocol_security_manager:10.2.4" } } }, { "category": "product_name", "name": "F5 BIG-IP Protocol Security Manager 11.0.0 - 11.4.1", "product": { "name": "F5 BIG-IP Protocol Security Manager 11.0.0 - 11.4.1", "product_id": "T003110", "product_identification_helper": { "cpe": "cpe:/a:f5:protocol_security_manager:11.4.1" } } } ], "category": "product_name", "name": "BIG-IP Protocol Security Manager" }, { "category": "product_name", "name": "F5 Enterprise Manager 3.0.0 - 3.1.1", "product": { "name": "F5 Enterprise Manager 3.0.0 - 3.1.1", "product_id": "269870", "product_identification_helper": { "cpe": "cpe:/a:f5:enterprise_manager:3.1.1" } } }, { "branches": [ { "category": "product_name", "name": "F5 WAN Optimization Manager 11.0.0 - 11.3.0", "product": { "name": "F5 WAN Optimization Manager 11.0.0 - 11.3.0", "product_id": "269868", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_wan_optimization_manager:11.3.0" } } }, { "category": "product_name", "name": "F5 WAN Optimization Manager 10.1.0 - 10.2.4", "product": { "name": "F5 WAN Optimization Manager 10.1.0 - 10.2.4", "product_id": "T000535", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip_wan_optimization_manager:10.2.4" } } } ], "category": "product_name", "name": "WAN Optimization Manager" }, { "branches": [ { "category": "product_name", "name": "F5 WebAccelerator 10.1.0 - 10.2.4", "product": { "name": "F5 WebAccelerator 10.1.0 - 10.2.4", "product_id": "T001411", "product_identification_helper": { "cpe": "cpe:/h:f5:big-ip_webaccelerator:10.2.4" } } }, { "category": "product_name", "name": "F5 WebAccelerator 11.0.0 - 11.3.0", "product": { "name": "F5 WebAccelerator 11.0.0 - 11.3.0", "product_id": "T001412", "product_identification_helper": { "cpe": "cpe:/h:f5:big-ip_webaccelerator:11.3.0" } } } ], "category": "product_name", "name": "WebAccelerator" } ], "category": "vendor", "name": "F5" }, { "branches": [ { "category": "product_name", "name": "Juniper Junos Space", "product": { "name": "Juniper Junos Space", "product_id": "T003343", "product_identification_helper": { "cpe": "cpe:/a:juniper:junos_space:-" } } } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "category": "product_name", "name": "MariaDB MariaDB \u003c 10.0.18", "product": { "name": "MariaDB MariaDB \u003c 10.0.18", "product_id": "T005086", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:10.0.18" } } } ], "category": "vendor", "name": "MariaDB" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source CentOS 5", "product": { "name": "Open Source CentOS 5", "product_id": "122559", "product_identification_helper": { "cpe": "cpe:/o:centos:centos:5" } } }, { "category": "product_name", "name": "Open Source CentOS 7", "product": { "name": "Open Source CentOS 7", "product_id": "T003633", "product_identification_helper": { "cpe": "cpe:/o:centos:centos:7" } } } ], "category": "product_name", "name": "CentOS" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle MySQL \u003c= 5.6.23", "product": { "name": "Oracle MySQL \u003c= 5.6.23", "product_id": "T004467", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.6.23" } } }, { "category": "product_name", "name": "Oracle MySQL \u003c= 5.1.34", "product": { "name": "Oracle MySQL \u003c= 5.1.34", "product_id": "T004850", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.1.34" } } }, { "category": "product_name", "name": "Oracle MySQL \u003c= 5.5.41", "product": { "name": "Oracle MySQL \u003c= 5.5.41", "product_id": "T004851", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.5.41" } } }, { "category": "product_name", "name": "Oracle MySQL \u003c= 5.5.42", "product": { "name": "Oracle MySQL \u003c= 5.5.42", "product_id": "T004852", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.5.42" } } }, { "category": "product_name", "name": "Oracle MySQL \u003c= 5.6.22", "product": { "name": "Oracle MySQL \u003c= 5.6.22", "product_id": "T004857", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.6.22" } } } ], "category": "product_name", "name": "MySQL" }, { "branches": [ { "category": "product_name", "name": "Oracle MySQL Enterprise Monitor \u003c= 3.0.10", "product": { "name": "Oracle MySQL Enterprise Monitor \u003c= 3.0.10", "product_id": "T004853", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql_enterprise_monitor:3.0.10" } } }, { "category": "product_name", "name": "Oracle MySQL Enterprise Monitor \u003c= 3.0.18", "product": { "name": "Oracle MySQL Enterprise Monitor \u003c= 3.0.18", "product_id": "T004854", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql_enterprise_monitor:3.0.18" } } }, { "category": "product_name", "name": "Oracle MySQL Enterprise Monitor \u003c= 2.3.16", "product": { "name": "Oracle MySQL Enterprise Monitor \u003c= 2.3.16", "product_id": "T004855", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql_enterprise_monitor:2.3.16" } } }, { "category": "product_name", "name": "Oracle MySQL Enterprise Monitor \u003c= 2.3.19", "product": { "name": "Oracle MySQL Enterprise Monitor \u003c= 2.3.19", "product_id": "T004856", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql_enterprise_monitor:2.3.19" } } } ], "category": "product_name", "name": "MySQL Enterprise Monitor" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 6", "product": { "name": "Red Hat Enterprise Linux 6", "product_id": "120737", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 5", "product": { "name": "Red Hat Enterprise Linux 5", "product_id": "T000179", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "T003303", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server 7", "product": { "name": "Red Hat Enterprise Linux Server 7", "product_id": "T003550", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop 5", "product": { "name": "Red Hat Enterprise Linux Desktop 5", "product_id": "T000180", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux_desktop:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop 7", "product": { "name": "Red Hat Enterprise Linux Desktop 7", "product_id": "T003551", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux_desktop:7::desktop" } } } ], "category": "product_name", "name": "Enterprise Linux Desktop" }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node 7", "product": { "name": "Red Hat Enterprise Linux HPC Node 7", "product_id": "T003549", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux_hpc_node:7" } } }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation 5", "product": { "name": "Red Hat Enterprise Linux Workstation 5", "product_id": "T000622", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux_workstation:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation 7", "product": { "name": "Red Hat Enterprise Linux Workstation 7", "product_id": "T003565", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux_workstation:7" } } } ], "category": "product_name", "name": "Enterprise Linux Workstation" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-0112", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2014-0112" }, { "cve": "CVE-2014-3569", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2014-3569" }, { "cve": "CVE-2014-7809", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2014-7809" }, { "cve": "CVE-2015-0405", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0405" }, { "cve": "CVE-2015-0423", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0423" }, { "cve": "CVE-2015-0433", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0433" }, { "cve": "CVE-2015-0438", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0438" }, { "cve": "CVE-2015-0439", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0439" }, { "cve": "CVE-2015-0441", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0441" }, { "cve": "CVE-2015-0498", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0498" }, { "cve": "CVE-2015-0499", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0499" }, { "cve": "CVE-2015-0500", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0500" }, { "cve": "CVE-2015-0501", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0501" }, { "cve": "CVE-2015-0503", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0503" }, { "cve": "CVE-2015-0505", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0505" }, { "cve": "CVE-2015-0506", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0506" }, { "cve": "CVE-2015-0507", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0507" }, { "cve": "CVE-2015-0508", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0508" }, { "cve": "CVE-2015-0511", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-0511" }, { "cve": "CVE-2015-2566", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2566" }, { "cve": "CVE-2015-2567", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2567" }, { "cve": "CVE-2015-2568", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2568" }, { "cve": "CVE-2015-2571", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2571" }, { "cve": "CVE-2015-2573", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2573" }, { "cve": "CVE-2015-2575", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2575" }, { "cve": "CVE-2015-2576", "notes": [ { "category": "description", "text": "In verschiedenen Komponenten von Oracle MySQL existieren insgesamt 26 nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"Complete\" f\u00fcr \"Integrity\", \"Availability\" und \"Confidentiality\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T003343", "269868", "T003303", "T003549", "T005927", "T005928", "269870", "T005086", "T003382", "T000180", "269856", "T004467", "T000548", "2951", "T002207", "T000622", "120737", "T000541", "307369", "122559", "T023087", "T003681", "T003683", "T003684", "T004850", "T004851", "T003565", "T003686", "T004852", "T003687", "T004853", "T004854", "T004855", "T004856", "T004857", "T000535", "T000179", "199182", "T003110", "T003550", "T003551", "T005932", "T003633", "T005931", "241405", "T005938", "T000523", "T001412", "T001411", "T001410" ] }, "release_date": "2015-04-14T22:00:00.000+00:00", "title": "CVE-2015-2576" } ] }
ghsa-66cr-qxrv-fpg2
Vulnerability from github
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.
{ "affected": [], "aliases": [ "CVE-2014-3569" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2014-12-24T11:59:00Z", "severity": "MODERATE" }, "details": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.", "id": "GHSA-66cr-qxrv-fpg2", "modified": "2022-05-17T00:24:12Z", "published": "2022-05-17T00:24:12Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3569" }, { "type": "WEB", "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "type": "WEB", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5" }, { "type": "WEB", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d" }, { "type": "WEB", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" }, { "type": "WEB", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102" }, { "type": "WEB", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108" }, { "type": "WEB", "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569" }, { "type": "WEB", "url": "https://support.apple.com/HT204659" }, { "type": "WEB", "url": "https://support.citrix.com/article/CTX216642" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "type": "WEB", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "type": "WEB", "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html" }, { "type": "WEB", "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest" }, { "type": "WEB", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl" }, { "type": "WEB", "url": "http://www.debian.org/security/2015/dsa-3125" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/71934" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1033378" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.