Vulnerabilites related to dell - bsafe_ssl-j
cve-2001-1105
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
References
▼ | URL | Tags |
---|---|---|
http://www.cisco.com/warp/public/707/SSL-J-pub.html | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/3329 | vdb-entry, x_refsource_BID | |
http://www.ciac.org/ciac/bulletins/l-141.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7112 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:07.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20010912 Vulnerable SSL Implementation in iCDN", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/SSL-J-pub.html", }, { name: "3329", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3329", }, { name: "L-141", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/l-141.shtml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", }, { name: "bsafe-ssl-bypass-authentication(7112)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-09-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-18T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20010912 Vulnerable SSL Implementation in iCDN", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/SSL-J-pub.html", }, { name: "3329", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3329", }, { name: "L-141", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/l-141.shtml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", }, { name: "bsafe-ssl-bypass-authentication(7112)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1105", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20010912 Vulnerable SSL Implementation in iCDN", refsource: "CISCO", url: "http://www.cisco.com/warp/public/707/SSL-J-pub.html", }, { name: "3329", refsource: "BID", url: "http://www.securityfocus.com/bid/3329", }, { name: "L-141", refsource: "CIAC", url: "http://www.ciac.org/ciac/bulletins/l-141.shtml", }, { name: "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", refsource: "CONFIRM", url: "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", }, { name: "bsafe-ssl-bypass-authentication(7112)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1105", datePublished: "2002-03-15T05:00:00", dateReserved: "2002-03-15T00:00:00", dateUpdated: "2024-08-08T04:44:07.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-4630
Vulnerability from cvelistv5
Published
2014-12-30 15:00
Modified
2024-08-06 11:20
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/72534 | vdb-entry, x_refsource_BID | |
https://secure-resumption.com/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:20:26.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html", }, { name: "72534", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/72534", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://secure-resumption.com/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-12-30T00:00:00", descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-02-16T15:57:00", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html", }, { name: "72534", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/72534", }, { tags: [ "x_refsource_MISC", ], url: "https://secure-resumption.com/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2014-4630", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20141230 ESA-2014-158: RSA BSAFE Micro Edition Suite and SSL-J Triple Handshake Vulnerability", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html", }, { name: "72534", refsource: "BID", url: "http://www.securityfocus.com/bid/72534", }, { name: "https://secure-resumption.com/", refsource: "MISC", url: "https://secure-resumption.com/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2014-4630", datePublished: "2014-12-30T15:00:00", dateReserved: "2014-06-24T00:00:00", dateUpdated: "2024-08-06T11:20:26.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0625
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:20:19.705Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-14T00:00:00", descriptions: [ { lang: "en", value: "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-02-18T00:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2014-0625", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2014-0625", datePublished: "2014-02-18T00:00:00", dateReserved: "2014-01-02T00:00:00", dateUpdated: "2024-08-06T09:20:19.705Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0079
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2025-01-16 17:33
Severity ?
EPSS score ?
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:01:23.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "9899", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9899", }, { name: "FEDORA-2005-1042", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", }, { name: "ESA-20040317-003", tags: [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred", ], url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { name: "SSRT4717", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { name: "RHSA-2004:121", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "MDKSA-2004:023", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { name: "oval:org.mitre.oval:def:2621", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621", }, { name: "CLA-2004:834", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "17381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17381", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "FEDORA-2004-095", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { name: "oval:org.mitre.oval:def:9779", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779", }, { name: "oval:org.mitre.oval:def:975", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975", }, { name: "57524", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "SuSE-SA:2004:007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { name: "FreeBSD-SA-04:05", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc", }, { name: "NetBSD-SA2004-005", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { name: "O-101", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { name: "TA04-078A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "17401", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17401", }, { name: "RHSA-2005:829", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-829.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", }, { name: "oval:org.mitre.oval:def:870", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870", }, { name: "RHSA-2005:830", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-830.html", }, { name: "GLSA-200403-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "11139", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", }, { name: "APPLE-SA-2005-08-15", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { name: "17398", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17398", }, { name: "SSA:2004-077", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { name: "RHSA-2004:139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { name: "openssl-dochangecipherspec-dos(15505)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505", }, { name: "2004-0012", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { name: "VU#288574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/288574", }, { name: "DSA-465", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2004/dsa-465", }, { name: "APPLE-SA-2005-08-17", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { name: "18247", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18247", }, { name: "oval:org.mitre.oval:def:5770", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2004-0079", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-08T16:21:54.985893Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-16T17:33:22.869Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-03-17T00:00:00", descriptions: [ { lang: "en", value: "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "9899", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9899", }, { name: "FEDORA-2005-1042", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", }, { name: "ESA-20040317-003", tags: [ "vendor-advisory", "x_refsource_ENGARDE", ], url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { name: "SSRT4717", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { name: "RHSA-2004:121", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "MDKSA-2004:023", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { name: "oval:org.mitre.oval:def:2621", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621", }, { name: "CLA-2004:834", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "17381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17381", }, { tags: [ "x_refsource_MISC", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "FEDORA-2004-095", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { name: "oval:org.mitre.oval:def:9779", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779", }, { name: "oval:org.mitre.oval:def:975", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975", }, { name: "57524", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "SuSE-SA:2004:007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { name: "FreeBSD-SA-04:05", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc", }, { name: "NetBSD-SA2004-005", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { name: "O-101", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { name: "TA04-078A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "17401", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17401", }, { name: "RHSA-2005:829", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-829.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", }, { name: "oval:org.mitre.oval:def:870", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870", }, { name: "RHSA-2005:830", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-830.html", }, { name: "GLSA-200403-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "11139", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", }, { name: "APPLE-SA-2005-08-15", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { name: "17398", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17398", }, { name: "SSA:2004-077", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { name: "RHSA-2004:139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { name: "openssl-dochangecipherspec-dos(15505)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505", }, { name: "2004-0012", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { name: "VU#288574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/288574", }, { name: "DSA-465", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2004/dsa-465", }, { name: "APPLE-SA-2005-08-17", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { name: "18247", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18247", }, { name: "oval:org.mitre.oval:def:5770", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0079", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "9899", refsource: "BID", url: "http://www.securityfocus.com/bid/9899", }, { name: "FEDORA-2005-1042", refsource: "FEDORA", url: "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", }, { name: "ESA-20040317-003", refsource: "ENGARDE", url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { name: "SSRT4717", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { name: "RHSA-2004:121", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "MDKSA-2004:023", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { name: "oval:org.mitre.oval:def:2621", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621", }, { name: "CLA-2004:834", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "17381", refsource: "SECUNIA", url: "http://secunia.com/advisories/17381", }, { name: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", refsource: "MISC", url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "FEDORA-2004-095", refsource: "FEDORA", url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { name: "oval:org.mitre.oval:def:9779", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779", }, { name: "oval:org.mitre.oval:def:975", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975", }, { name: "57524", refsource: "SUNALERT", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "SuSE-SA:2004:007", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { name: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", refsource: "CONFIRM", url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { name: "http://www.openssl.org/news/secadv_20040317.txt", refsource: "CONFIRM", url: "http://www.openssl.org/news/secadv_20040317.txt", }, { name: "FreeBSD-SA-04:05", refsource: "FREEBSD", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc", }, { name: "NetBSD-SA2004-005", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { name: "O-101", refsource: "CIAC", url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { name: "TA04-078A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "17401", refsource: "SECUNIA", url: "http://secunia.com/advisories/17401", }, { name: "RHSA-2005:829", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-829.html", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", }, { name: "oval:org.mitre.oval:def:870", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870", }, { name: "RHSA-2005:830", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-830.html", }, { name: "GLSA-200403-03", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "11139", refsource: "SECUNIA", url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { name: "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", refsource: "CONFIRM", url: "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", }, { name: "APPLE-SA-2005-08-15", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { name: "17398", refsource: "SECUNIA", url: "http://secunia.com/advisories/17398", }, { name: "SSA:2004-077", refsource: "SLACKWARE", url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { name: "RHSA-2004:139", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { name: "openssl-dochangecipherspec-dos(15505)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505", }, { name: "2004-0012", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", refsource: "CISCO", url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { name: "http://docs.info.apple.com/article.html?artnum=61798", refsource: "CONFIRM", url: "http://docs.info.apple.com/article.html?artnum=61798", }, { name: "VU#288574", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/288574", }, { name: "DSA-465", refsource: "DEBIAN", url: "http://www.debian.org/security/2004/dsa-465", }, { name: "APPLE-SA-2005-08-17", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { name: "18247", refsource: "SECUNIA", url: "http://secunia.com/advisories/18247", }, { name: "oval:org.mitre.oval:def:5770", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0079", datePublished: "2004-03-18T05:00:00", dateReserved: "2004-01-19T00:00:00", dateUpdated: "2025-01-16T17:33:22.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24409
Vulnerability from cvelistv5
Published
2022-02-23 21:30
Modified
2024-09-17 00:05
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | Dell BSAFE SSL-J |
Version: 5.1 < unspecified Version: unspecified < 6.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE SSL-J", vendor: "Dell", versions: [ { lessThan: "unspecified", status: "affected", version: "5.1", versionType: "custom", }, { lessThan: "6.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-02-15T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385: Covert Timing Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-13T18:20:08", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2022-02-15", ID: "CVE-2022-24409", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE SSL-J", version: { version_data: [ { version_affected: ">=", version_value: "5.1", }, { version_affected: "<", version_value: "6.4", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.", }, ], }, impact: { cvss: { baseScore: 5.9, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-385: Covert Timing Channel", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2022-24409", datePublished: "2022-02-23T21:30:09.240961Z", dateReserved: "2022-02-04T00:00:00", dateUpdated: "2024-09-17T00:05:29.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0887
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
References
▼ | URL | Tags |
---|---|---|
http://seclists.org/bugtraq/2016/Apr/66 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id/1035515 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/538055/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id/1035516 | vdb-entry, x_refsource_SECTRACK | |
http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html | x_refsource_MISC | |
http://www.securitytracker.com/id/1035517 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:38:39.964Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { name: "1035515", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035515", }, { name: "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { name: "1035516", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035516", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { name: "1035517", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-11T00:00:00", descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { name: "1035515", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035515", }, { name: "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { name: "1035516", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035516", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { name: "1035517", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035517", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2016-0887", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", refsource: "BUGTRAQ", url: "http://seclists.org/bugtraq/2016/Apr/66", }, { name: "1035515", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035515", }, { name: "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { name: "1035516", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035516", }, { name: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { name: "1035517", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035517", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2016-0887", datePublished: "2016-04-12T23:00:00", dateReserved: "2015-12-17T00:00:00", dateUpdated: "2024-08-05T22:38:39.964Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3738
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10318 | x_refsource_CONFIRM | |
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.574Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-J", vendor: "Dell", versions: [ { status: "affected", version: "prior to 6.2.5", }, ], }, ], datePublic: "2019-08-15T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-325", description: "CWE-325: Missing Required Cryptographic Step", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:20:41", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-08-15", ID: "CVE-2019-3738", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-J", version: { version_data: [ { version_value: "prior to 6.2.5", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.", }, ], }, impact: { cvss: { baseScore: 6.5, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-325: Missing Required Cryptographic Step", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3738", datePublished: "2019-09-18T22:23:10.057919Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T19:01:44.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11068
Vulnerability from cvelistv5
Published
2018-09-11 19:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041614 | vdb-entry, x_refsource_SECTRACK | |
https://seclists.org/fulldisclosure/2018/Sep/7 | mailing-list, x_refsource_FULLDISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell EMC | RSA BSAFE SSL-J |
Version: unspecified < 6.2.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE SSL-J", vendor: "Dell EMC", versions: [ { lessThan: "6.2.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-09-05T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-12T09:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "1041614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", DATE_PUBLIC: "2018-09-05T04:00:00.000Z", ID: "CVE-2018-11068", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE SSL-J", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.2.4", }, ], }, }, ], }, vendor_name: "Dell EMC", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "1041614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", refsource: "FULLDISC", url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11068", datePublished: "2018-09-11T19:00:00Z", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-09-16T23:30:36.808Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0112
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:10:03.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "9899", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9899", }, { name: "SSRT4717", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { name: "RHSA-2004:121", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "MDKSA-2004:023", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { name: "CLA-2004:834", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "57524", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "SuSE-SA:2004:007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { name: "NetBSD-SA2004-005", tags: [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { name: "O-101", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { name: "TA04-078A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "oval:org.mitre.oval:def:1049", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049", }, { name: "openssl-kerberos-ciphersuites-dos(15508)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508", }, { name: "VU#484726", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/484726", }, { name: "GLSA-200403-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "oval:org.mitre.oval:def:9580", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580", }, { name: "11139", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { name: "APPLE-SA-2005-08-15", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { name: "SSA:2004-077", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { name: "2004-0012", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { name: "APPLE-SA-2005-08-17", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { name: "oval:org.mitre.oval:def:928", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-03-17T00:00:00", descriptions: [ { lang: "en", value: "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "9899", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9899", }, { name: "SSRT4717", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { name: "RHSA-2004:121", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "MDKSA-2004:023", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { name: "CLA-2004:834", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "57524", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "SuSE-SA:2004:007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { name: "NetBSD-SA2004-005", tags: [ "vendor-advisory", "x_refsource_NETBSD", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { name: "O-101", tags: [ "third-party-advisory", "government-resource", "x_refsource_CIAC", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { name: "TA04-078A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "oval:org.mitre.oval:def:1049", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049", }, { name: "openssl-kerberos-ciphersuites-dos(15508)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508", }, { name: "VU#484726", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/484726", }, { name: "GLSA-200403-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "oval:org.mitre.oval:def:9580", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580", }, { name: "11139", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { name: "APPLE-SA-2005-08-15", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { name: "SSA:2004-077", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { name: "2004-0012", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { name: "APPLE-SA-2005-08-17", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { name: "oval:org.mitre.oval:def:928", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0112", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "9899", refsource: "BID", url: "http://www.securityfocus.com/bid/9899", }, { name: "SSRT4717", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { name: "RHSA-2004:121", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "MDKSA-2004:023", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { name: "CLA-2004:834", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", refsource: "MISC", url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "57524", refsource: "SUNALERT", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "SuSE-SA:2004:007", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { name: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", refsource: "CONFIRM", url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { name: "http://www.openssl.org/news/secadv_20040317.txt", refsource: "CONFIRM", url: "http://www.openssl.org/news/secadv_20040317.txt", }, { name: "NetBSD-SA2004-005", refsource: "NETBSD", url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { name: "O-101", refsource: "CIAC", url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { name: "TA04-078A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "oval:org.mitre.oval:def:1049", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049", }, { name: "openssl-kerberos-ciphersuites-dos(15508)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508", }, { name: "VU#484726", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/484726", }, { name: "GLSA-200403-03", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "oval:org.mitre.oval:def:9580", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580", }, { name: "11139", refsource: "SECUNIA", url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { name: "APPLE-SA-2005-08-15", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { name: "SSA:2004-077", refsource: "SLACKWARE", url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { name: "2004-0012", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", refsource: "CISCO", url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { name: "http://docs.info.apple.com/article.html?artnum=61798", refsource: "CONFIRM", url: "http://docs.info.apple.com/article.html?artnum=61798", }, { name: "APPLE-SA-2005-08-17", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { name: "oval:org.mitre.oval:def:928", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0112", datePublished: "2004-03-18T05:00:00", dateReserved: "2004-02-02T00:00:00", dateUpdated: "2024-08-08T00:10:03.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34364
Vulnerability from cvelistv5
Published
2023-02-10 19:13
Modified
2024-08-03 09:07
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | BSAFE SSL-J |
Version: 0 ≤ Version: 7.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:07:16.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "BSAFE SSL-J", vendor: "Dell", versions: [ { lessThan: "6.5", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "7.0", }, ], }, ], datePublic: "2022-09-12T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<div><div><span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.</span>\n\n.</span>\n\n</div></div>\n\n", }, ], value: "\n\n\nDell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.\n\n.\n\n\n\n\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1295", description: "CWE-1295: Debug Messages Revealing Unnecessary Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-06T06:05:56.612Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2022-34364", datePublished: "2023-02-10T19:13:42.880Z", dateReserved: "2022-06-23T18:55:17.083Z", dateUpdated: "2024-08-03T09:07:16.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0534
Vulnerability from cvelistv5
Published
2015-08-20 10:00
Modified
2024-08-06 04:10
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1033298 | vdb-entry, x_refsource_SECTRACK | |
http://seclists.org/bugtraq/2015/Aug/84 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id/1033297 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/76377 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:10:11.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1033298", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033298", }, { name: "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2015/Aug/84", }, { name: "1033297", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033297", }, { name: "76377", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/76377", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-17T00:00:00", descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-20T09:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "1033298", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033298", }, { name: "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2015/Aug/84", }, { name: "1033297", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033297", }, { name: "76377", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/76377", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2015-0534", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1033298", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033298", }, { name: "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities", refsource: "BUGTRAQ", url: "http://seclists.org/bugtraq/2015/Aug/84", }, { name: "1033297", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033297", }, { name: "76377", refsource: "BID", url: "http://www.securityfocus.com/bid/76377", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2015-0534", datePublished: "2015-08-20T10:00:00", dateReserved: "2014-12-17T00:00:00", dateUpdated: "2024-08-06T04:10:11.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3739
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-J", vendor: "Dell", versions: [ { status: "affected", version: "prior to 6.2.5", }, ], }, ], datePublic: "2019-08-09T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-310", description: "CWE-310: Cryptographic Issues", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:20:42", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-08-09", ID: "CVE-2019-3739", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-J", version: { version_data: [ { version_value: "prior to 6.2.5", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.", }, ], }, impact: { cvss: { baseScore: 6.5, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-310: Cryptographic Issues", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3739", datePublished: "2019-09-18T22:23:10.098836Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:43:20.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11069
Vulnerability from cvelistv5
Published
2018-09-11 19:00
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041614 | vdb-entry, x_refsource_SECTRACK | |
https://seclists.org/fulldisclosure/2018/Sep/7 | mailing-list, x_refsource_FULLDISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell EMC | RSA BSAFE SSL-J |
Version: unspecified < 6.2.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE SSL-J", vendor: "Dell EMC", versions: [ { lessThan: "6.2.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-09-05T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Covert Timing Channel Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-12T09:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "1041614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", DATE_PUBLIC: "2018-09-05T04:00:00.000Z", ID: "CVE-2018-11069", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE SSL-J", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.2.4", }, ], }, }, ], }, vendor_name: "Dell EMC", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Covert Timing Channel Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "1041614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041614", }, { name: "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", refsource: "FULLDISC", url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11069", datePublished: "2018-09-11T19:00:00Z", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-09-16T19:35:24.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0627
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:20:19.878Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-14T00:00:00", descriptions: [ { lang: "en", value: "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-02-18T00:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2014-0627", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2014-0627", datePublished: "2014-02-18T00:00:00", dateReserved: "2014-01-02T00:00:00", dateUpdated: "2024-08-06T09:20:19.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0626
Vulnerability from cvelistv5
Published
2014-02-18 00:00
Modified
2024-08-06 09:20
Severity ?
EPSS score ?
Summary
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:20:19.775Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-14T00:00:00", descriptions: [ { lang: "en", value: "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-02-18T00:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2014-0626", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2014-0626", datePublished: "2014-02-18T00:00:00", dateReserved: "2014-01-02T00:00:00", dateUpdated: "2024-08-06T09:20:19.775Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0081
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:01:23.650Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "9899", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/9899", }, { name: "ESA-20040317-003", tags: [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred", ], url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { name: "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=107955049331965&w=2", }, { name: "RHSA-2004:121", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "CLA-2004:834", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", tags: [ "vendor-advisory", "x_refsource_SCO", "x_transferred", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "20040304-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", }, { name: "openssl-tls-dos(15509)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "FEDORA-2004-095", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { name: "57524", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "oval:org.mitre.oval:def:871", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871", }, { name: "oval:org.mitre.oval:def:11755", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755", }, { name: "VU#465542", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/465542", }, { name: "TA04-078A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "GLSA-200403-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "11139", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "RHSA-2004:119", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2004-119.html", }, { name: "oval:org.mitre.oval:def:902", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902", }, { name: "RHSA-2004:139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { name: "2004-0012", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108403850228012&w=2", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { name: "DSA-465", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2004/dsa-465", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-03-17T00:00:00", descriptions: [ { lang: "en", value: "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "9899", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/9899", }, { name: "ESA-20040317-003", tags: [ "vendor-advisory", "x_refsource_ENGARDE", ], url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { name: "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=107955049331965&w=2", }, { name: "RHSA-2004:121", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "CLA-2004:834", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", tags: [ "vendor-advisory", "x_refsource_SCO", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "20040304-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", }, { name: "openssl-tls-dos(15509)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509", }, { tags: [ "x_refsource_MISC", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "FEDORA-2004-095", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { name: "57524", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "oval:org.mitre.oval:def:871", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871", }, { name: "oval:org.mitre.oval:def:11755", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755", }, { name: "VU#465542", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/465542", }, { name: "TA04-078A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "GLSA-200403-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "11139", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "RHSA-2004:119", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2004-119.html", }, { name: "oval:org.mitre.oval:def:902", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902", }, { name: "RHSA-2004:139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { name: "2004-0012", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=108403850228012&w=2", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { name: "DSA-465", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2004/dsa-465", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0081", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "9899", refsource: "BID", url: "http://www.securityfocus.com/bid/9899", }, { name: "ESA-20040317-003", refsource: "ENGARDE", url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { name: "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=107955049331965&w=2", }, { name: "RHSA-2004:121", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { name: "CLA-2004:834", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { name: "SCOSA-2004.10", refsource: "SCO", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { name: "20040304-01-U", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", }, { name: "openssl-tls-dos(15509)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509", }, { name: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", refsource: "MISC", url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { name: "FEDORA-2004-095", refsource: "FEDORA", url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { name: "57524", refsource: "SUNALERT", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { name: "oval:org.mitre.oval:def:871", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871", }, { name: "oval:org.mitre.oval:def:11755", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755", }, { name: "VU#465542", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/465542", }, { name: "TA04-078A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { name: "GLSA-200403-03", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { name: "11139", refsource: "SECUNIA", url: "http://secunia.com/advisories/11139", }, { name: "RHSA-2004:120", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { name: "RHSA-2004:119", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2004-119.html", }, { name: "oval:org.mitre.oval:def:902", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902", }, { name: "RHSA-2004:139", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { name: "2004-0012", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2004/0012", }, { name: "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=108403850228012&w=2", }, { name: "20040317 Cisco OpenSSL Implementation Vulnerability", refsource: "CISCO", url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { name: "DSA-465", refsource: "DEBIAN", url: "http://www.debian.org/security/2004/dsa-465", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0081", datePublished: "2004-03-18T05:00:00", dateReserved: "2004-01-19T00:00:00", dateUpdated: "2024-08-08T00:01:23.650Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34381
Vulnerability from cvelistv5
Published
2024-02-02 15:30
Modified
2024-08-03 09:07
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Dell | Dell BSAFE Crypto-J |
Version: 0 ≤ |
||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-34381", options: [ { Exploitation: "None", }, { Automatable: "Yes", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-04-20T04:00:11.570842Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:15:49.869Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T09:07:16.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Dell BSAFE Crypto-J", vendor: "Dell", versions: [ { lessThan: "6.2.6.1", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Dell BSAFE SSL-J", vendor: "Dell", versions: [ { status: "affected", version: "7.0", }, { lessThan: "6.5", status: "affected", version: "0", versionType: "semver", }, ], }, ], datePublic: "2022-09-12T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.</span>\n\n", }, ], value: "\nDell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1329", description: "CWE-1329: Reliance on Component That is Not Updateable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T16:54:29.967Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2022-34381", datePublished: "2024-02-02T15:30:23.697Z", dateReserved: "2022-06-23T18:55:17.089Z", dateUpdated: "2024-08-03T09:07:16.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28077
Vulnerability from cvelistv5
Published
2024-02-10 03:11
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | Dell BSAFE SSL-J |
Version: 6.0.x ≤ 6.5 Version: 7.0 ≤ 7.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-28077", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-12T13:35:02.561559Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:20:50.452Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T12:30:23.953Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Dell BSAFE SSL-J\t", vendor: "Dell", versions: [ { lessThanOrEqual: "6.5", status: "affected", version: "6.0.x", versionType: "semver", }, { lessThanOrEqual: "7.1", status: "affected", version: "7.0", versionType: "semver", }, ], }, ], datePublic: "2023-05-19T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. </span>\n\n", }, ], value: "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1295", description: "CWE-1295: Debug Messages Revealing Unnecessary Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-10T03:11:28.614Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2023-28077", datePublished: "2024-02-10T03:11:28.614Z", dateReserved: "2023-03-10T05:10:02.997Z", dateUpdated: "2024-08-02T12:30:23.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3740
Vulnerability from cvelistv5
Published
2019-09-18 22:23
Modified
2024-09-17 01:40
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | RSA BSAFE Crypto-J |
Version: prior to 6.2.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-J", vendor: "Dell", versions: [ { status: "affected", version: "prior to 6.2.5", }, ], }, ], datePublic: "2019-08-15T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-310", description: "CWE-310: Cryptographic Issues", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:20:43", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-08-15", ID: "CVE-2019-3740", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-J", version: { version_data: [ { version_value: "prior to 6.2.5", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.", }, ], }, impact: { cvss: { baseScore: 6.5, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-310: Cryptographic Issues", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®-Crypto-J-Multiple-Security-Vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3740", datePublished: "2019-09-18T22:23:10.138468Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:40:53.233Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "B9CAFC15-178C-4176-9668-D4A04B63E77B", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3C8D6949-89F4-40EF-98F4-8D15628DC345", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*", matchCriteriaId: "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*", matchCriteriaId: "6479D85C-1A12-486D-818C-6679F415CA26", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*", matchCriteriaId: "287CF5FA-D0EC-4FD7-9718-973587EF34DF", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*", matchCriteriaId: "C88168D4-7DB5-4720-8640-400BB680D0FD", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*", matchCriteriaId: "968915A1-375B-4C69-BE11-9A393F7F1B0F", vulnerable: true, }, { criteria: "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*", matchCriteriaId: "11465DCA-72E5-40E9-9D8E-B3CD470C47E9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3954D0D1-9FDF-47D0-9710-D0FB06955B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*", matchCriteriaId: "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*", matchCriteriaId: "2A4C5F60-B32D-4D85-BA28-AE11972ED614", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*", matchCriteriaId: "6A5935C3-3D83-461F-BC26-E03362115C42", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*", matchCriteriaId: "80AC523B-3106-46F2-B760-803DCF8061F4", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*", matchCriteriaId: "F8B8D6F3-D15D-489F-A807-17E63F4831F2", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*", matchCriteriaId: "808189BA-197F-49CE-933E-A728F395749C", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*", matchCriteriaId: "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*", matchCriteriaId: "CC7EF0CD-EA39-457B-8E2E-9120B65A5835", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*", matchCriteriaId: "7BC2983F-5212-464B-AC21-8A897DEC1F58", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*", matchCriteriaId: "EBF17989-D1F2-4B04-80BD-CFABDD482ABA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BF2D00AC-FA2A-4C39-B796-DC19072862CF", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", matchCriteriaId: "441BE3A0-20F4-4972-B279-19B3DB5FA14D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", matchCriteriaId: "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", matchCriteriaId: "00EAEA17-033A-4A50-8E39-D61154876D2F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", matchCriteriaId: "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*", matchCriteriaId: "0D9F2B04-A1F2-4788-A53D-C8274A758DDA", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", matchCriteriaId: "9A5309ED-D84F-4F52-9864-5B0FEEEE5022", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", matchCriteriaId: "DD7C441E-444B-4DF5-8491-86805C70FB99", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", matchCriteriaId: "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*", matchCriteriaId: "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", matchCriteriaId: "771931F7-9180-4EBD-8627-E1CF17D24647", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", matchCriteriaId: "EDD9BE2B-7255-4FC1-B452-E8370632B03F", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", matchCriteriaId: "32310AFE-38CC-4C6C-AE13-54C18720F2C0", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", matchCriteriaId: "AC46909F-DDFC-448B-BCDF-1EB343F96630", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", matchCriteriaId: "E562907F-D915-4030-847A-3C6834A80D4E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "038FEDE7-986F-4CA5-9003-BA68352B87D4", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1E140F76-D078-4F58-89CF-3278CDCB9AF3", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D9D76A8D-832B-411E-A458-186733C66010", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", matchCriteriaId: "580BA1FE-0826-47A7-8BD3-9225E0841EDD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", matchCriteriaId: "040B04CD-B891-4F19-A7CC-5C2D462FBD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*", matchCriteriaId: "5BF29685-7FFC-4093-A1D4-21E4871AF5C6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*", matchCriteriaId: "E72872C9-63AF-417F-BFAE-92B4D350C006", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*", matchCriteriaId: "80BCF196-5E5A-4F31-BCE7-AA0C748CA922", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*", matchCriteriaId: "970939C5-1E6F-47B6-97E6-7B2C1E019985", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*", matchCriteriaId: "CD1F4148-E772-4708-8C1F-D67F969C11DA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*", matchCriteriaId: "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", matchCriteriaId: "09458CD7-D430-4957-8506-FAB2A3E2AA65", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", matchCriteriaId: "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F8B87C95-4B34-4628-AD03-67D1DE13E097", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*", matchCriteriaId: "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4F04471C-732F-44EE-AD1B-6305C1DD7DDD", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "E237919A-416B-4039-AAD2-7FAE1F4E100D", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*", matchCriteriaId: "39149924-188C-40C1-B598-A9CD407C90DE", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*", matchCriteriaId: "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E6501108-5455-48FE-AA82-37AFA5D7EC24", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*", matchCriteriaId: "C1A3B951-A1F8-4291-82FA-AB7922D13ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*", matchCriteriaId: "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*", matchCriteriaId: "9D0EF4A3-2FE5-41E4-A764-30B379ECF081", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*", matchCriteriaId: "CCF6D59E-8AEA-4380-B86B-0803B2202F16", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*", matchCriteriaId: "140ABF28-FA39-4D77-AEB2-304962ED48C2", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*", matchCriteriaId: "09473DD9-5114-44C5-B56C-6630FBEBCACB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7ECD3A4-5A39-4222-8350-524F11D8FFB0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*", matchCriteriaId: "D36C140D-E80C-479A-ADA7-18E901549059", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "940712E9-B041-4B7F-BD02-7DD0AE596D65", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "03B887A2-9025-4C5B-8901-71BC63BF5293", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "33264586-7160-4550-9FF9-4101D72F5C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CE5E6521-0611-4473-82AC-21655F10FEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*", matchCriteriaId: "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*", matchCriteriaId: "8C83ABA2-87CD-429B-9800-590F8256B064", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*", matchCriteriaId: "A4D9A576-2878-4AC4-AC95-E69CB8A84A71", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*", matchCriteriaId: "0A1A0B02-CF33-401F-9AB2-D595E586C795", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*", matchCriteriaId: "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*", matchCriteriaId: "90FB3825-21A6-4DBE-8188-67672DBE01CB", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*", matchCriteriaId: "80623E58-8B46-4559-89A4-C329AACF3CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*", matchCriteriaId: "AEE6C228-CD93-4636-868B-C19BC1674BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*", matchCriteriaId: "A645148C-AD0D-46C1-BEE3-10F5C9066279", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*", matchCriteriaId: "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*", matchCriteriaId: "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*", matchCriteriaId: "02029D75-FAF2-4842-9246-079C7DE36417", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*", matchCriteriaId: "E0146341-364C-4085-A2E1-BC8C260FBA3D", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*", matchCriteriaId: "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "B8496E0D-2507-4C25-A122-0B846CBCA72A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*", matchCriteriaId: "8E383F2A-DFCF-47F8-94EE-3563D41EA597", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*", matchCriteriaId: "D2D87EF0-056E-4128-89EB-2803ED83DEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*", matchCriteriaId: "BB3163C1-2044-44DA-9C88-076D75FDF1EB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", matchCriteriaId: "07E1B690-C58B-4C08-A757-F3DF451FDAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*", matchCriteriaId: "31F0E14C-7681-4D1A-B982-A51E450B93A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", matchCriteriaId: "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*", matchCriteriaId: "AC604680-2E9E-4DC4-ACDD-74D552A45BA4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*", matchCriteriaId: "37A94436-D092-4C7E-B87B-63BC621EE82E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*", matchCriteriaId: "862165CF-3CFB-4C6E-8238-86FA85F243C8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*", matchCriteriaId: "056F3336-BAA8-4A03-90B4-7B31710FC1B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*", matchCriteriaId: "9FDC2510-FBB9-429A-B6D4-10AB11F93960", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*", matchCriteriaId: "5D45127E-A544-40A0-9D34-BD70D95C9772", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*", matchCriteriaId: "56C69C3E-C895-45C8-8182-7BB412A0C828", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D4D9564B-B92E-4C97-87FF-B56D62DCA775", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.5.17:*:*:*:*:*:*:*", matchCriteriaId: "FF2AD44D-3BE8-4541-B62D-9F01D46F8E6A", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.5.18:*:*:*:*:*:*:*", matchCriteriaId: "8BF2E08B-9046-41A1-BEDE-EB0B6436315C", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "811E1BE8-3868-49F8-B6E8-D5705559B02E", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "D67C9DB4-E46C-4E84-82D9-AF48EFDAEFBA", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.7:*:*:*:*:*:*:*", matchCriteriaId: "CF0E1BF0-6629-40DC-AB23-0256BABD0CB9", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "1AC4E7E5-FCC1-46B0-B69F-F1F6B36838ED", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "2C4AED89-F862-4071-8E94-481A59EDAE8E", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7A3CB6FF-3840-4E80-A0A4-614D6686D2B6", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "67010B0B-ECE7-4EE5-B103-05DC637E150F", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "1355EF99-35FC-44A7-BC56-F7C0EA49BF0C", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6DDA8F10-B059-4403-A790-EFC8822588B2", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A06BCD31-3FB6-468B-9BC9-EA573717B19F", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "360238CC-3BF5-4750-B16D-8A2E0257022E", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "0C55C754-E213-4E79-AA7B-2CAF8A464388", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.1:*:*:*:*:*:*:*", matchCriteriaId: "647BA524-5A79-408C-BBF2-5780BC522B64", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.2:*:*:*:*:*:*:*", matchCriteriaId: "D599C49D-4D7D-4C44-9D8D-A3F76746BBA8", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "7B4DC717-0785-4C19-8A33-ACA5F378DF3C", vulnerable: true, }, { criteria: "cpe:2.3:a:forcepoint:stonegate:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "858843D3-84BB-48B6-80D1-1271AE60150D", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*", matchCriteriaId: "B931D4F8-23F5-4ABA-A457-959995D30C58", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*", matchCriteriaId: "BE6A023E-9C2A-487F-B5CE-674C766BFE75", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*", matchCriteriaId: "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4", vulnerable: true, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0A7B80E0-40BB-4B4E-9711-AF293A038DD4", vulnerable: true, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9EFCFFE8-9CAD-4A7F-9751-8627E6297C9F", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "D3653856-207E-46A7-92DD-D7F377F1829A", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1:*:*:*:*:*:*:*", matchCriteriaId: "7E4627BB-0D75-44BC-989F-0E85C9FA0E2B", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "19053434-F9E7-4839-AB5A-B226CC4616A5", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc1:*:*:*:*:*:*", matchCriteriaId: "D04CABBA-7BEB-44EC-A6E4-A31E41A62BD7", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc2:*:*:*:*:*:*", matchCriteriaId: "8D15C938-4DAB-4011-80EE-A2663E20BFC1", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C9C056ED-2492-4B1C-BCB9-4F36806C4A48", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A72FC232-A2CB-443B-9A4A-8BBFEFE6517C", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:-:*:*:*:*:*:*", matchCriteriaId: "BA347CD3-0619-4EA2-A736-B59EE9E3AC12", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc1:*:*:*:*:*:*", matchCriteriaId: "4ACEF29C-3225-43A7-9E07-FBCCF555887E", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc2:*:*:*:*:*:*", matchCriteriaId: "46D932AF-FB1A-464D-BA3D-2DC2D3C187CD", vulnerable: false, }, { criteria: "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc3:*:*:*:*:*:*", matchCriteriaId: "9F532860-9E26-45C3-9FB3-6B0888F1279A", vulnerable: false, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A037FAA6-6D26-4496-BC67-03475B4D1155", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D3831DD3-E783-4200-8986-FDBF7DD9BA53", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*", matchCriteriaId: "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*", matchCriteriaId: "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "699764B6-0F86-4AB0-86A3-4F2E69AD820C", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*", matchCriteriaId: "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*", matchCriteriaId: "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*", matchCriteriaId: "E1B83F84-D1EF-43B4-8620-3C1BCCE44553", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*", matchCriteriaId: "41169D2F-4F16-466A-82E9-AD0735472B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*", matchCriteriaId: "947699C3-D9DE-411A-99C0-44ADD1D2223A", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*", matchCriteriaId: "15F668C0-8420-4401-AB0F-479575596CF0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*", matchCriteriaId: "CDDCC7B6-34CA-4551-9833-306B93E517BD", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*", matchCriteriaId: "6D69C160-39F7-48B8-B9A3-CC86690453C0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*", matchCriteriaId: "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8FA6420B-9F6A-48F4-A445-12B60A320347", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", matchCriteriaId: "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", matchCriteriaId: "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", matchCriteriaId: "180D07AE-C571-4DD6-837C-43E2A946007A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", matchCriteriaId: "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", matchCriteriaId: "90789533-C741-4B1C-A24B-2C77B9E4DE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", matchCriteriaId: "1520065B-46D7-48A4-B9D0-5B49F690C5B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", matchCriteriaId: "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", matchCriteriaId: "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", matchCriteriaId: "494E48E7-EF86-4860-9A53-94F6C313746E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "45A518E8-21BE-4C5C-B425-410AB1208E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", matchCriteriaId: "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", matchCriteriaId: "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", matchCriteriaId: "85BFEED5-4941-41BB-93D1-CD5C2A41290E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", matchCriteriaId: "78E79A05-64F3-4397-952C-A5BB950C967D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", matchCriteriaId: "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", matchCriteriaId: "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*", matchCriteriaId: "09F3FB7B-0F68-49F3-A3B7-977A687A42E2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*", matchCriteriaId: "088F2FF7-96E5-455E-A35B-D99F9854EC6E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*", matchCriteriaId: "FFA721BF-1B2E-479F-BF25-02D441BF175B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*", matchCriteriaId: "AFEDCE49-21CC-4168-818F-4C638EE3B077", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*", matchCriteriaId: "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", matchCriteriaId: "26430687-409B-448F-934B-06AB937DDF63", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*", matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "DF1A5808-6D5D-48AD-9470-5A6510D17913", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*", matchCriteriaId: "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*", matchCriteriaId: "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "8D09E11C-C5BB-409E-BB0D-7F351250419B", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*", matchCriteriaId: "6B06A05D-AA31-441D-9FC2-3558648C3B7E", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C0886901-6F93-44C1-B774-84D7E5D9554C", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "3F203A80-7C1E-4A04-8E99-63525E176753", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "CA0A204C-158B-4014-A53C-75E0CD63E0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "085BA581-7DA5-4FA4-A888-351281FD0A7D", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*", matchCriteriaId: "9519BCB2-B401-44CE-97F6-847BB36AE45F", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", matchCriteriaId: "BBE573E8-DD94-4293-99AE-27B9067B3ED9", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", matchCriteriaId: "D14413DA-5199-4282-9E22-D347E9D8E469", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "05CC5F49-0E9E-45D8-827D-A5940566DB25", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*", matchCriteriaId: "5D94EE19-6CE9-4E02-8174-D9954CDBF02B", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*", matchCriteriaId: "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*", matchCriteriaId: "8CE38F15-BD42-4171-8670-86AA8169A60C", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C3E6C4A8-59F4-43EE-8413-E95289037598", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FE76357A-27E6-4D85-9AA0-1BB658C41568", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C56C5FDB-24E2-479D-87CA-164CD28567D3", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", vulnerable: true, }, { criteria: "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", matchCriteriaId: "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "12DE5E22-DF93-46BE-85A3-D4E04379E901", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", matchCriteriaId: "BF28C435-C036-4507-8E3F-44E722F9974A", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*", matchCriteriaId: "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2CDFE7-6853-4A31-85C0-50C57A8D606A", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", matchCriteriaId: "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*", matchCriteriaId: "408A9DB0-81EF-4186-B338-44954E67289B", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*", matchCriteriaId: "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*", matchCriteriaId: "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*", matchCriteriaId: "303362A5-9C3C-4C85-8C97-2AB12CE01BF6", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*", matchCriteriaId: "FED22DC1-E06B-4511-B920-6DAB792262D8", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*", matchCriteriaId: "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F757B2A7-869F-4702-81EB-466317A79D61", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*", matchCriteriaId: "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F", vulnerable: true, }, { criteria: "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*", matchCriteriaId: "64AF1E33-4086-43E2-8F54-DA75A99D4B75", vulnerable: true, }, { criteria: "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*", matchCriteriaId: "53D16F03-A4C7-4497-AB74-499F208FF059", vulnerable: true, }, { criteria: "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*", matchCriteriaId: "13A33EC1-836B-4C8C-AC18-B5BD4F90E612", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", matchCriteriaId: "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "C558CED8-8342-46CB-9F52-580B626D320E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "0F85D19E-6C26-429D-B876-F34238B9DAAF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", matchCriteriaId: "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", matchCriteriaId: "09063867-0E64-4630-B35B-4CCA348E4DAB", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", matchCriteriaId: "78F98CD7-A352-483C-9968-8FB2627A7CBD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "F97FE485-705F-4707-B6C6-0EF9E8A85D5F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "E2B925E8-D2C2-4E8C-AC21-0C422245C482", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "B9170562-872E-4C32-869C-B10FF35A925E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", matchCriteriaId: "D0927A68-8BB2-4F03-8396-E9CACC158FC0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", matchCriteriaId: "559DDBA3-2AF4-4A0C-B219-6779BA931F21", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", matchCriteriaId: "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "5226C9CC-6933-4F10-B426-B47782C606FD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "757DAE9A-B25D-4B8A-A41B-66C2897B537E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "5E3DC170-E279-4725-B9EE-6840B5685CC9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", matchCriteriaId: "8091EDA9-BD18-47F7-8CEC-E086238647C6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", matchCriteriaId: "6F867890-74A4-4892-B99A-27DB4603B873", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CE05B514-F094-4632-B25B-973F976F6409", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "3392428D-1A85-4472-A276-C482A78E2CE1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", matchCriteriaId: "40954985-16E6-4F37-B014-6A55166AE093", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*", matchCriteriaId: "0C097809-1FEF-4417-A201-42291CC29122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.", }, { lang: "es", value: "El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio.", }, ], id: "CVE-2004-0112", lastModified: "2024-11-20T23:47:47.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-11-23T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/11139", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/484726", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9899", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.trustix.org/errata/2004/0012", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/11139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/484726", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.trustix.org/errata/2004/0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | 5.1.2 | |
dell | bsafe_ssl-j | 6.0 | |
emc | rsa_bsafe_ssl-j | 5.0 | |
emc | rsa_bsafe_ssl-j | 5.1.0 | |
emc | rsa_bsafe_ssl-j | 5.1.1 | |
emc | rsa_bsafe_ssl-j | 6.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "314CC197-7A5B-490E-BCA4-DCFFDC32A50F", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*", matchCriteriaId: "514F2922-83FA-4A51-BA74-A17175643BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "384C4C01-A2CF-4241-97D2-C379F4351DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CBF5DF8B-B891-4291-A5C2-91C2C2525F53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.", }, { lang: "es", value: "La implementación SSLSocket en las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la activación del procesamiento de los datos de aplicación durante el handshake de TLS, en el momento cuando los datos están almacenados en buffer internamente.", }, ], id: "CVE-2014-0625", lastModified: "2024-11-21T02:02:31.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-02-18T00:55:05.143", references: [ { source: "security_alert@emc.com", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2024-11-21 02:42
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_crypto-c-micro-edition | * | |
dell | bsafe_crypto-c-micro-edition | * | |
dell | bsafe_crypto-j | * | |
dell | bsafe_micro-edition-suite | * | |
dell | bsafe_micro-edition-suite | * | |
dell | bsafe_ssl-c | * | |
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "673ED099-C778-4E51-89C4-369490646348", versionEndIncluding: "4.0.5.3", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "42D145F5-46EA-4198-BD59-BB296461324E", versionEndIncluding: "4.1.2", versionStartIncluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", matchCriteriaId: "44D1B34C-998E-46E6-B7CF-EE28C8E5FBC8", versionEndExcluding: "6.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "5456BD00-766C-4868-9BA5-C8E82B353808", versionEndIncluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "261B4766-7CD0-47F8-997E-706129AA0A5E", versionEndExcluding: "4.1.5", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*", matchCriteriaId: "03175755-5E21-4B3A-A329-9F1804CF98CF", versionEndExcluding: "2.8.9", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "36CE780D-E392-4543-A531-F6740823C53D", versionEndExcluding: "6.2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.", }, { lang: "es", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2.1, RSA BSAFE SSL-J en versiones anteriores a 6.2.1 y RSA BSAFE SSL-C en versiones anteriores a 2.8.9 permiten a atacantes remotos descubrir un factor primo de clave privada llevando a cabo un ataque Lenstra de canal lateral que aprovecha el fallo de una aplicación para detectar un fallo de firma RSA durante una sesión TLS.", }, ], id: "CVE-2016-0887", lastModified: "2024-11-21T02:42:34.353", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-12T23:59:31.413", references: [ { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035515", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035516", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035517", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-01-16 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "B9CAFC15-178C-4176-9668-D4A04B63E77B", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3C8D6949-89F4-40EF-98F4-8D15628DC345", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*", matchCriteriaId: "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*", matchCriteriaId: "6479D85C-1A12-486D-818C-6679F415CA26", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*", matchCriteriaId: "287CF5FA-D0EC-4FD7-9718-973587EF34DF", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*", matchCriteriaId: "C88168D4-7DB5-4720-8640-400BB680D0FD", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*", matchCriteriaId: "968915A1-375B-4C69-BE11-9A393F7F1B0F", vulnerable: true, }, { criteria: "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*", matchCriteriaId: "11465DCA-72E5-40E9-9D8E-B3CD470C47E9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3954D0D1-9FDF-47D0-9710-D0FB06955B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*", matchCriteriaId: "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*", matchCriteriaId: "2A4C5F60-B32D-4D85-BA28-AE11972ED614", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*", matchCriteriaId: "6A5935C3-3D83-461F-BC26-E03362115C42", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*", matchCriteriaId: "80AC523B-3106-46F2-B760-803DCF8061F4", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*", matchCriteriaId: "F8B8D6F3-D15D-489F-A807-17E63F4831F2", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*", matchCriteriaId: "808189BA-197F-49CE-933E-A728F395749C", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*", matchCriteriaId: "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*", matchCriteriaId: "CC7EF0CD-EA39-457B-8E2E-9120B65A5835", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*", matchCriteriaId: "7BC2983F-5212-464B-AC21-8A897DEC1F58", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*", matchCriteriaId: "EBF17989-D1F2-4B04-80BD-CFABDD482ABA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BF2D00AC-FA2A-4C39-B796-DC19072862CF", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", matchCriteriaId: "441BE3A0-20F4-4972-B279-19B3DB5FA14D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", matchCriteriaId: "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", matchCriteriaId: "00EAEA17-033A-4A50-8E39-D61154876D2F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", matchCriteriaId: "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*", matchCriteriaId: "0D9F2B04-A1F2-4788-A53D-C8274A758DDA", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", matchCriteriaId: "9A5309ED-D84F-4F52-9864-5B0FEEEE5022", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", matchCriteriaId: "DD7C441E-444B-4DF5-8491-86805C70FB99", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", matchCriteriaId: "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*", matchCriteriaId: "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", matchCriteriaId: "771931F7-9180-4EBD-8627-E1CF17D24647", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", matchCriteriaId: "EDD9BE2B-7255-4FC1-B452-E8370632B03F", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", matchCriteriaId: "32310AFE-38CC-4C6C-AE13-54C18720F2C0", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", matchCriteriaId: "AC46909F-DDFC-448B-BCDF-1EB343F96630", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", matchCriteriaId: "E562907F-D915-4030-847A-3C6834A80D4E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "038FEDE7-986F-4CA5-9003-BA68352B87D4", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1E140F76-D078-4F58-89CF-3278CDCB9AF3", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D9D76A8D-832B-411E-A458-186733C66010", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", matchCriteriaId: "580BA1FE-0826-47A7-8BD3-9225E0841EDD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", matchCriteriaId: "040B04CD-B891-4F19-A7CC-5C2D462FBD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*", matchCriteriaId: "5BF29685-7FFC-4093-A1D4-21E4871AF5C6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*", matchCriteriaId: "E72872C9-63AF-417F-BFAE-92B4D350C006", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*", matchCriteriaId: "80BCF196-5E5A-4F31-BCE7-AA0C748CA922", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*", matchCriteriaId: "970939C5-1E6F-47B6-97E6-7B2C1E019985", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*", matchCriteriaId: "CD1F4148-E772-4708-8C1F-D67F969C11DA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*", matchCriteriaId: "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", matchCriteriaId: "09458CD7-D430-4957-8506-FAB2A3E2AA65", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", matchCriteriaId: "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F8B87C95-4B34-4628-AD03-67D1DE13E097", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*", matchCriteriaId: "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4F04471C-732F-44EE-AD1B-6305C1DD7DDD", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "E237919A-416B-4039-AAD2-7FAE1F4E100D", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*", matchCriteriaId: "39149924-188C-40C1-B598-A9CD407C90DE", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*", matchCriteriaId: "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E6501108-5455-48FE-AA82-37AFA5D7EC24", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*", matchCriteriaId: "C1A3B951-A1F8-4291-82FA-AB7922D13ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*", matchCriteriaId: "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*", matchCriteriaId: "9D0EF4A3-2FE5-41E4-A764-30B379ECF081", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*", matchCriteriaId: "CCF6D59E-8AEA-4380-B86B-0803B2202F16", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*", matchCriteriaId: "140ABF28-FA39-4D77-AEB2-304962ED48C2", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*", matchCriteriaId: "09473DD9-5114-44C5-B56C-6630FBEBCACB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7ECD3A4-5A39-4222-8350-524F11D8FFB0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*", matchCriteriaId: "D36C140D-E80C-479A-ADA7-18E901549059", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "940712E9-B041-4B7F-BD02-7DD0AE596D65", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "03B887A2-9025-4C5B-8901-71BC63BF5293", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "33264586-7160-4550-9FF9-4101D72F5C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CE5E6521-0611-4473-82AC-21655F10FEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*", matchCriteriaId: "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*", matchCriteriaId: "8C83ABA2-87CD-429B-9800-590F8256B064", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*", matchCriteriaId: "A4D9A576-2878-4AC4-AC95-E69CB8A84A71", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*", matchCriteriaId: "0A1A0B02-CF33-401F-9AB2-D595E586C795", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*", matchCriteriaId: "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*", matchCriteriaId: "90FB3825-21A6-4DBE-8188-67672DBE01CB", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*", matchCriteriaId: "80623E58-8B46-4559-89A4-C329AACF3CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*", matchCriteriaId: "AEE6C228-CD93-4636-868B-C19BC1674BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*", matchCriteriaId: "A645148C-AD0D-46C1-BEE3-10F5C9066279", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*", matchCriteriaId: "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*", matchCriteriaId: "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*", matchCriteriaId: "02029D75-FAF2-4842-9246-079C7DE36417", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*", matchCriteriaId: "E0146341-364C-4085-A2E1-BC8C260FBA3D", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*", matchCriteriaId: "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "B8496E0D-2507-4C25-A122-0B846CBCA72A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*", matchCriteriaId: "8E383F2A-DFCF-47F8-94EE-3563D41EA597", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*", matchCriteriaId: "D2D87EF0-056E-4128-89EB-2803ED83DEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*", matchCriteriaId: "BB3163C1-2044-44DA-9C88-076D75FDF1EB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", matchCriteriaId: "07E1B690-C58B-4C08-A757-F3DF451FDAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*", matchCriteriaId: "31F0E14C-7681-4D1A-B982-A51E450B93A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", matchCriteriaId: "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*", matchCriteriaId: "AC604680-2E9E-4DC4-ACDD-74D552A45BA4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*", matchCriteriaId: "37A94436-D092-4C7E-B87B-63BC621EE82E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*", matchCriteriaId: "862165CF-3CFB-4C6E-8238-86FA85F243C8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*", matchCriteriaId: "056F3336-BAA8-4A03-90B4-7B31710FC1B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*", matchCriteriaId: "9FDC2510-FBB9-429A-B6D4-10AB11F93960", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*", matchCriteriaId: "5D45127E-A544-40A0-9D34-BD70D95C9772", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*", matchCriteriaId: "56C69C3E-C895-45C8-8182-7BB412A0C828", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D4D9564B-B92E-4C97-87FF-B56D62DCA775", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*", matchCriteriaId: "B931D4F8-23F5-4ABA-A457-959995D30C58", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*", matchCriteriaId: "BE6A023E-9C2A-487F-B5CE-674C766BFE75", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*", matchCriteriaId: "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2A045971-8756-47E8-9044-C39D08B36F1F", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CAA95881-7231-4FDA-AF73-04DF9FF0B64C", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*", matchCriteriaId: "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "44E85930-3AAD-420B-8E3E-AEC57344F6C4", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*", matchCriteriaId: "00993464-BE09-4691-B3F0-51BBA9FB80C3", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*", matchCriteriaId: "896AB39E-2078-4BA2-9522-477BD5F98FD1", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*", matchCriteriaId: "EB9279EC-47CF-45F1-B4CC-B2B332E82E34", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E7300C3E-8105-4C23-89B9-7D29CED18C15", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*", matchCriteriaId: "90C59DB2-48DA-4172-A1F5-25CF3B5097AE", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*", matchCriteriaId: "715F4E0B-7E4B-4520-A987-9B3ED3136B75", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*", matchCriteriaId: "9CA1F606-C558-40FD-9300-6E2796F47BA8", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A037FAA6-6D26-4496-BC67-03475B4D1155", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D3831DD3-E783-4200-8986-FDBF7DD9BA53", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*", matchCriteriaId: "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*", matchCriteriaId: "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "699764B6-0F86-4AB0-86A3-4F2E69AD820C", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*", matchCriteriaId: "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*", matchCriteriaId: "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*", matchCriteriaId: "E1B83F84-D1EF-43B4-8620-3C1BCCE44553", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*", matchCriteriaId: "41169D2F-4F16-466A-82E9-AD0735472B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*", matchCriteriaId: "947699C3-D9DE-411A-99C0-44ADD1D2223A", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*", matchCriteriaId: "15F668C0-8420-4401-AB0F-479575596CF0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*", matchCriteriaId: "CDDCC7B6-34CA-4551-9833-306B93E517BD", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*", matchCriteriaId: "6D69C160-39F7-48B8-B9A3-CC86690453C0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*", matchCriteriaId: "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8FA6420B-9F6A-48F4-A445-12B60A320347", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", matchCriteriaId: "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", matchCriteriaId: "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", matchCriteriaId: "180D07AE-C571-4DD6-837C-43E2A946007A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", matchCriteriaId: "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", matchCriteriaId: "90789533-C741-4B1C-A24B-2C77B9E4DE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", matchCriteriaId: "1520065B-46D7-48A4-B9D0-5B49F690C5B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", matchCriteriaId: "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", matchCriteriaId: "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", matchCriteriaId: "494E48E7-EF86-4860-9A53-94F6C313746E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "45A518E8-21BE-4C5C-B425-410AB1208E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", matchCriteriaId: "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", matchCriteriaId: "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", matchCriteriaId: "85BFEED5-4941-41BB-93D1-CD5C2A41290E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", matchCriteriaId: "78E79A05-64F3-4397-952C-A5BB950C967D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", matchCriteriaId: "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", matchCriteriaId: "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*", matchCriteriaId: "09F3FB7B-0F68-49F3-A3B7-977A687A42E2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*", matchCriteriaId: "088F2FF7-96E5-455E-A35B-D99F9854EC6E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*", matchCriteriaId: "FFA721BF-1B2E-479F-BF25-02D441BF175B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*", matchCriteriaId: "AFEDCE49-21CC-4168-818F-4C638EE3B077", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*", matchCriteriaId: "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", matchCriteriaId: "26430687-409B-448F-934B-06AB937DDF63", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*", matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "DF1A5808-6D5D-48AD-9470-5A6510D17913", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*", matchCriteriaId: "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*", matchCriteriaId: "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "8D09E11C-C5BB-409E-BB0D-7F351250419B", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*", matchCriteriaId: "6B06A05D-AA31-441D-9FC2-3558648C3B7E", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C0886901-6F93-44C1-B774-84D7E5D9554C", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "3F203A80-7C1E-4A04-8E99-63525E176753", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "CA0A204C-158B-4014-A53C-75E0CD63E0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "085BA581-7DA5-4FA4-A888-351281FD0A7D", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*", matchCriteriaId: "EA1C4B3C-5701-4233-BA94-28915713F9C8", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*", matchCriteriaId: "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "0F85F672-0F21-4AD7-8620-13D82F2ECC22", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*", matchCriteriaId: "89070041-613A-4F7B-BD6A-C6091D21FC52", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "D9A71933-4BD5-4B11-8B14-D997E75F29CD", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "5B6BE11D-FC02-4950-A554-08CC9D8B1853", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B80ADAE8-94D4-46A4-A5ED-FF134D808B52", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "69FA0221-5073-4D45-950F-119497B53FED", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2CC1A110-B203-4962-8E1A-74BD98121AF6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B5A92C4D-B024-4D39-9479-409C39586F64", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*", matchCriteriaId: "5E8998CC-E372-46D0-8339-47DC8D92D253", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*", matchCriteriaId: "AF131FDC-BF8D-4A17-99F0-444EB900E83D", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "880811B3-E78E-456E-972E-DE733F368576", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "22411F18-2B93-405A-A3B5-2CF0A04977C6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*", matchCriteriaId: "C71188B7-E6DC-41E5-B619-367341113501", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "07491444-0196-4504-A971-A5E388B86BBA", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*", matchCriteriaId: "72BC6CD2-3291-4E69-8DC6-F3AB853F8931", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "CD43EDDF-58A7-4705-B8C7-FD76C35A437D", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "A7C2E603-568F-40F6-9A7C-439E2A51B37F", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "703421A7-E8C5-450B-97EF-FD9D99D4B834", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*", matchCriteriaId: "9519BCB2-B401-44CE-97F6-847BB36AE45F", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", matchCriteriaId: "BBE573E8-DD94-4293-99AE-27B9067B3ED9", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", matchCriteriaId: "D14413DA-5199-4282-9E22-D347E9D8E469", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "05CC5F49-0E9E-45D8-827D-A5940566DB25", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*", matchCriteriaId: "5D94EE19-6CE9-4E02-8174-D9954CDBF02B", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*", matchCriteriaId: "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*", matchCriteriaId: "8CE38F15-BD42-4171-8670-86AA8169A60C", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C3E6C4A8-59F4-43EE-8413-E95289037598", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FE76357A-27E6-4D85-9AA0-1BB658C41568", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C56C5FDB-24E2-479D-87CA-164CD28567D3", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", vulnerable: true, }, { criteria: "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", matchCriteriaId: "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "12DE5E22-DF93-46BE-85A3-D4E04379E901", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", matchCriteriaId: "BF28C435-C036-4507-8E3F-44E722F9974A", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*", matchCriteriaId: "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2CDFE7-6853-4A31-85C0-50C57A8D606A", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", matchCriteriaId: "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*", matchCriteriaId: "408A9DB0-81EF-4186-B338-44954E67289B", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*", matchCriteriaId: "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*", matchCriteriaId: "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*", matchCriteriaId: "303362A5-9C3C-4C85-8C97-2AB12CE01BF6", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*", matchCriteriaId: "FED22DC1-E06B-4511-B920-6DAB792262D8", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*", matchCriteriaId: "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F757B2A7-869F-4702-81EB-466317A79D61", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*", matchCriteriaId: "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F", vulnerable: true, }, { criteria: "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*", matchCriteriaId: "64AF1E33-4086-43E2-8F54-DA75A99D4B75", vulnerable: true, }, { criteria: "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*", matchCriteriaId: "53D16F03-A4C7-4497-AB74-499F208FF059", vulnerable: true, }, { criteria: "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*", matchCriteriaId: "13A33EC1-836B-4C8C-AC18-B5BD4F90E612", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", matchCriteriaId: "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "C558CED8-8342-46CB-9F52-580B626D320E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "0F85D19E-6C26-429D-B876-F34238B9DAAF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", matchCriteriaId: "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", matchCriteriaId: "09063867-0E64-4630-B35B-4CCA348E4DAB", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", matchCriteriaId: "78F98CD7-A352-483C-9968-8FB2627A7CBD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "F97FE485-705F-4707-B6C6-0EF9E8A85D5F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "E2B925E8-D2C2-4E8C-AC21-0C422245C482", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "B9170562-872E-4C32-869C-B10FF35A925E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", matchCriteriaId: "D0927A68-8BB2-4F03-8396-E9CACC158FC0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", matchCriteriaId: "559DDBA3-2AF4-4A0C-B219-6779BA931F21", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", matchCriteriaId: "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "5226C9CC-6933-4F10-B426-B47782C606FD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "757DAE9A-B25D-4B8A-A41B-66C2897B537E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "5E3DC170-E279-4725-B9EE-6840B5685CC9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", matchCriteriaId: "8091EDA9-BD18-47F7-8CEC-E086238647C6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", matchCriteriaId: "6F867890-74A4-4892-B99A-27DB4603B873", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CE05B514-F094-4632-B25B-973F976F6409", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "3392428D-1A85-4472-A276-C482A78E2CE1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", matchCriteriaId: "40954985-16E6-4F37-B014-6A55166AE093", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*", matchCriteriaId: "0C097809-1FEF-4417-A201-42291CC29122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.", }, { lang: "es", value: "La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo.", }, ], id: "CVE-2004-0079", lastModified: "2025-01-16T18:15:19.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2004-11-23T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/11139", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/17381", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/17398", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/17401", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/18247", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2004/dsa-465", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/288574", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-829.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-830.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9899", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.trustix.org/errata/2004/0012", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://docs.info.apple.com/article.html?artnum=61798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.apple.com/mhonarc/security-announce/msg00045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=107953412903636&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=108403806509920&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/11139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/17381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/17398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/17401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/18247", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.ciac.org/ciac/bulletins/o-101.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2004/dsa-465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/288574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2004_07_openssl.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openssl.org/news/secadv_20040317.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-829.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2005-830.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.trustix.org/errata/2004/0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-02 16:15
Modified
2024-11-21 07:09
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | * | |
dell | bsafe_ssl-j | 7.0 | |
dell | bsafe_crypto-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "82A7B894-3248-4DF6-9DCC-E544979EB97D", versionEndExcluding: "6.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:7.0:*:*:*:*:*:*:*", matchCriteriaId: "50D0F0DB-24D9-4338-A981-48777D482BB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", matchCriteriaId: "44FBBAF8-810E-4CF3-8255-1279D6FBB2A4", versionEndExcluding: "6.2.6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nDell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.\n\n", }, { lang: "es", value: "Dell BSAFE SSL-J versión 7.0 y todas las versiones anteriores a 6.5, y las versiones Dell BSAFE Crypto-J anteriores a 6.2.6.1 contienen una vulnerabilidad de componente de terceros sin mantenimiento. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, lo que comprometería el sistema afectado. Esta es una vulnerabilidad crítica y Dell recomienda a los clientes actualizar lo antes posible.", }, ], id: "CVE-2022-34381", lastModified: "2024-11-21T07:09:23.620", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-02T16:15:45.460", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1329", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-11 19:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
References
▼ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "86697545-1BE7-457C-9AE9-B5270C531D49", versionEndExcluding: "6.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.", }, { lang: "es", value: "RSA BSAFE SSL-J en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de inspección de memoria dinámica (heap) que podría permitir que un atacante con acceso físico al sistema recupere material clave sensible.", }, ], id: "CVE-2018-11068", lastModified: "2024-11-21T03:42:36.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.3, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-11T19:29:01.130", references: [ { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041614", }, { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-459", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-11 19:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
▼ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041614 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/7 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "86697545-1BE7-457C-9AE9-B5270C531D49", versionEndExcluding: "6.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, { lang: "es", value: "RSA BSAFE SSL-J, en versiones anteriores a la 6.2.4 contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podría ser capaz de recuperar una clave RSA.", }, ], id: "CVE-2018-11069", lastModified: "2024-11-21T03:42:37.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-11T19:29:01.270", references: [ { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041614", }, { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Sep/7", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | 5.1.2 | |
dell | bsafe_ssl-j | 6.0 | |
emc | rsa_bsafe_ssl-j | 5.0 | |
emc | rsa_bsafe_ssl-j | 5.1.0 | |
emc | rsa_bsafe_ssl-j | 5.1.1 | |
emc | rsa_bsafe_ssl-j | 6.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "314CC197-7A5B-490E-BCA4-DCFFDC32A50F", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*", matchCriteriaId: "514F2922-83FA-4A51-BA74-A17175643BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "384C4C01-A2CF-4241-97D2-C379F4351DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CBF5DF8B-B891-4291-A5C2-91C2C2525F53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.", }, { lang: "es", value: "La implementación API SSLEngine en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos provocar la selección de una suite de cifrado débil mediante el uso del método Wrap durante cierto estado del handshake incompleto.", }, ], id: "CVE-2014-0627", lastModified: "2024-11-21T02:02:31.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-02-18T00:55:05.207", references: [ { source: "security_alert@emc.com", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-09-12 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | icdn | 2.0 | |
dell | bsafe_ssl-j | 3.0 | |
dell | bsafe_ssl-j | 3.0.1 | |
dell | bsafe_ssl-j | 3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E074F8F9-6997-45FE-8FB9-4A800C896DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D4D9564B-B92E-4C97-87FF-B56D62DCA775", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.", }, ], id: "CVE-2001-1105", lastModified: "2024-11-20T23:36:53.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-09-12T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ciac.org/ciac/bulletins/l-141.shtml", }, { source: "cve@mitre.org", url: "http://www.cisco.com/warp/public/707/SSL-J-pub.html", }, { source: "cve@mitre.org", url: "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3329", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ciac.org/ciac/bulletins/l-141.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.cisco.com/warp/public/707/SSL-J-pub.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*", matchCriteriaId: "1710B5A7-08C4-44D8-A175-044FCD92B314", versionEndIncluding: "6.2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", matchCriteriaId: "9757B880-0E5B-40B1-A15C-0EAA52046A73", versionEndExcluding: "6.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "FEE68BD5-3D1C-4D69-B026-319FBEDBC798", versionEndIncluding: "6.2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E87B8C7B-2654-4F9C-9B5D-794DA484B42D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9C6F5710-490D-41D4-8C9B-27FC530117A7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", matchCriteriaId: "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*", matchCriteriaId: "20352616-6BCA-485D-8DD7-DFC97AD6A30D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "68165D37-489E-45D7-BA7A-A38164B5C26D", versionEndExcluding: "19.1.0.0.0.210420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44357172-4035-4D57-9C83-D80BDDE8E8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", matchCriteriaId: "CE7DB324-98A0-40AD-96D4-0800340F6F3A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6D325A0-3441-41AC-B00F-F2A7F85370A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0E703304-0752-46F2-998B-A3D37C9E7A54", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "722969B5-36CD-4413-954B-347BB7E51FAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BF295023-399E-4180-A28B-2DA3327A372C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3E5A2A49-42B0-44EB-B606-999275DC1DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "54B0A494-14DD-4384-9DCE-14945EBE1A19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A890746E-EE1A-4DBC-BB04-84CC79767F85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6308E929-D44D-48A1-BAEE-47BE4E164124", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FDD2640A-5964-4937-B912-CEA2173FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BE9059-29C1-417D-AFB3-98066E95D883", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", matchCriteriaId: "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.", }, { lang: "es", value: "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son vulnerables a la Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves ECDSA. Un atacante remoto malicioso podría explotar potencialmente esas vulnerabilidades para recuperar claves ECDSA.", }, ], id: "CVE-2019-3739", lastModified: "2024-11-21T04:42:26.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-18T23:15:11.110", references: [ { source: "security_alert@emc.com", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "security_alert@emc.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-10 03:15
Modified
2024-11-21 07:54
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | * | |
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "83A641BB-542A-404B-9B5C-4356F2F55EF5", versionEndExcluding: "6.5.1", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "E6EBF250-3157-40DE-A73A-3F331897DBFE", versionEndExcluding: "7.1.1", versionStartIncluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nDell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. \n\n", }, { lang: "es", value: "Dell BSAFE SSL-J, versiones anteriores a 6.5 y versiones 7.0 y 7.1 contienen un mensaje de depuración que revela una vulnerabilidad de información innecesaria. Esto puede llevar a revelar información confidencial a un usuario con privilegios locales.", }, ], id: "CVE-2023-28077", lastModified: "2024-11-21T07:54:21.373", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-10T03:15:07.680", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000214287/dsa-2023-156-dell-bsafe-ssl-j-7-1-1-security-update", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1295", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-12-30 15:59
Modified
2024-11-21 02:10
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References
▼ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | Broken Link | |
security_alert@emc.com | http://www.securityfocus.com/bid/72534 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | https://secure-resumption.com/ | Technical Description | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72534 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://secure-resumption.com/ | Technical Description |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_micro-edition-suite | 4.0.0 | |
dell | bsafe_micro-edition-suite | 4.0.1 | |
dell | bsafe_micro-edition-suite | 4.0.2 | |
dell | bsafe_micro-edition-suite | 4.0.3 | |
dell | bsafe_micro-edition-suite | 4.0.4 | |
dell | bsafe_micro-edition-suite | 4.0.5 | |
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9070318E-1AB0-4EC9-8192-D7E2BCF1B4BE", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3BAAD58D-7B35-4C0C-8800-DF8B78999A09", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F608E0D4-F71E-4F84-9170-7BE65F415B84", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "8CA858A4-7617-4930-9D47-0B334E5A64B0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "2FE2BD4F-AF53-4BFF-A652-FB9D181036CB", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A0A8C0D1-7201-48FC-8F72-1D138EDBDCD5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "CCFB0541-6B9F-4C15-886E-45831E5C680E", versionEndIncluding: "6.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"", }, { lang: "es", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x anterior a 4.0.6 y RSA BSAFE SSL-J anterior a 6.1.4 no asegura que el certificado de servidor X.509 sea el mismo durante la renegociación como lo era antes de ella, lo que permite ataques 'man-in-the-middle' para obtener información sensible o modificar datos de la sesión TLS a través de 'ataque de triple negociación'", }, ], id: "CVE-2014-4630", lastModified: "2024-11-21T02:10:36.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-12-30T15:59:00.063", references: [ { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/72534", }, { source: "security_alert@emc.com", tags: [ "Technical Description", ], url: "https://secure-resumption.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/72534", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://secure-resumption.com/", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-02-18 00:55
Modified
2024-11-21 02:02
Severity ?
Summary
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | 5.1.2 | |
dell | bsafe_ssl-j | 6.0 | |
emc | rsa_bsafe_ssl-j | 5.0 | |
emc | rsa_bsafe_ssl-j | 5.1.0 | |
emc | rsa_bsafe_ssl-j | 5.1.1 | |
emc | rsa_bsafe_ssl-j | 6.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:5.1.2:*:*:*:*:*:*:*", matchCriteriaId: "314CC197-7A5B-490E-BCA4-DCFFDC32A50F", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:6.0:*:*:*:*:*:*:*", matchCriteriaId: "514F2922-83FA-4A51-BA74-A17175643BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8B160FFB-EF0D-4D7B-9810-3D7728FB0B4C", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "384C4C01-A2CF-4241-97D2-C379F4351DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AB1CF0F5-828F-405C-B8E8-D7F8AD15BEF6", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_ssl-j:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CBF5DF8B-B891-4291-A5C2-91C2C2525F53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.", }, { lang: "es", value: "Las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 facilitan a atacantes remotos evadir mecanismos de protección criptográfica mediante el aprovechamiento del procesamiento de datos de la aplicación durante el handshake de TLS, en el momento cuando los datos no están cifrados ni autenticados.", }, ], id: "CVE-2014-0626", lastModified: "2024-11-21T02:02:31.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-02-18T00:55:05.173", references: [ { source: "security_alert@emc.com", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-23 22:15
Modified
2024-11-21 06:50
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "1DF777CC-55D9-4B4A-8E0D-71A5835B9296", versionEndExcluding: "6.4", versionStartIncluding: "6.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.", }, { lang: "es", value: "Dell BSAFE SSL-J contiene una solución para una vulnerabilidad de canal de tiempo encubierto que puede ser explotada por usuarios maliciosos para comprometer el sistema afectado. Sólo los clientes con contratos de mantenimiento BSAFE activos pueden recibir detalles sobre esta vulnerabilidad. La divulgación pública de los detalles de la vulnerabilidad se compartirá en una fecha posterior", }, ], id: "CVE-2022-24409", lastModified: "2024-11-21T06:50:21.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-23T22:15:07.647", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000196312/dsa-2022-023-dell-bsafetm-ssl-j-6-4-security-update-for-a-single-covert-timing-channel", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-385", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-20 10:59
Modified
2024-11-21 02:23
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
References
▼ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | http://seclists.org/bugtraq/2015/Aug/84 | Mailing List, Third Party Advisory | |
security_alert@emc.com | http://www.securityfocus.com/bid/76377 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1033297 | Third Party Advisory, VDB Entry | |
security_alert@emc.com | http://www.securitytracker.com/id/1033298 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2015/Aug/84 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76377 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033297 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033298 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe | * | |
dell | bsafe | * | |
dell | bsafe_ssl-c | * | |
dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "881DAA21-9EDC-4E14-8EDC-D9CEDA06829F", versionEndExcluding: "4.0.8", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "0827F5F6-5146-4AE7-935E-A1721D0EB656", versionEndExcluding: "4.1.3", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*", matchCriteriaId: "9C58A542-D445-466F-B897-5D9A88B486E2", versionEndIncluding: "2.8.9", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "3D1B7149-78D4-4D1A-97B3-6441ADED030C", versionEndExcluding: "6.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.", }, { lang: "es", value: "Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2, RSA BSAFE SSL-J en versiones anteriores a 6.2 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, no fuerza ciertas restricciones en datos de certificado, lo que permite a atacantes remotos anular el mecanismo de protección de lista negra de certificados basado en fingerprint mediante la inclusión de datos manipulados en una porción sin firmar de un certificado, un problema similar a CVE-2014-8275.", }, ], id: "CVE-2015-0534", lastModified: "2024-11-21T02:23:15.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2015-08-20T10:59:01.310", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2015/Aug/84", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/76377", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033297", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2015/Aug/84", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/76377", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033298", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2A9CB22A-21E0-46F6-B6CD-BB38A80FA7A4", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "B9CAFC15-178C-4176-9668-D4A04B63E77B", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "3C8D6949-89F4-40EF-98F4-8D15628DC345", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*", matchCriteriaId: "F3DB2AEE-FB5C-42B7-845B-EDA3E58D5D68", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*", matchCriteriaId: "6479D85C-1A12-486D-818C-6679F415CA26", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*", matchCriteriaId: "287CF5FA-D0EC-4FD7-9718-973587EF34DF", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*", matchCriteriaId: "C88168D4-7DB5-4720-8640-400BB680D0FD", vulnerable: true, }, { criteria: "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*", matchCriteriaId: "968915A1-375B-4C69-BE11-9A393F7F1B0F", vulnerable: true, }, { criteria: "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*", matchCriteriaId: "11465DCA-72E5-40E9-9D8E-B3CD470C47E9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", matchCriteriaId: "3954D0D1-9FDF-47D0-9710-D0FB06955B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*", matchCriteriaId: "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E586558A-ABC3-42EB-8B4D-DC92A0D695E6", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*", matchCriteriaId: "2A4C5F60-B32D-4D85-BA28-AE11972ED614", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*", matchCriteriaId: "6A5935C3-3D83-461F-BC26-E03362115C42", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*", matchCriteriaId: "80AC523B-3106-46F2-B760-803DCF8061F4", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*", matchCriteriaId: "F8B8D6F3-D15D-489F-A807-17E63F4831F2", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*", matchCriteriaId: "808189BA-197F-49CE-933E-A728F395749C", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*", matchCriteriaId: "32DCFA7B-7BBB-465A-A4AD-7E18EE3C02DC", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*", matchCriteriaId: "CC7EF0CD-EA39-457B-8E2E-9120B65A5835", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*", matchCriteriaId: "7BC2983F-5212-464B-AC21-8A897DEC1F58", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*", matchCriteriaId: "EBF17989-D1F2-4B04-80BD-CFABDD482ABA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BF2D00AC-FA2A-4C39-B796-DC19072862CF", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*", matchCriteriaId: "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*", matchCriteriaId: "441BE3A0-20F4-4972-B279-19B3DB5FA14D", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*", matchCriteriaId: "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*", matchCriteriaId: "00EAEA17-033A-4A50-8E39-D61154876D2F", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*", matchCriteriaId: "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*", matchCriteriaId: "0D9F2B04-A1F2-4788-A53D-C8274A758DDA", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*", matchCriteriaId: "9A5309ED-D84F-4F52-9864-5B0FEEEE5022", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*", matchCriteriaId: "DD7C441E-444B-4DF5-8491-86805C70FB99", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*", matchCriteriaId: "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*", matchCriteriaId: "31B1ADC1-9B6D-4B5E-A05A-D69599A3A0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", matchCriteriaId: "771931F7-9180-4EBD-8627-E1CF17D24647", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", matchCriteriaId: "EDD9BE2B-7255-4FC1-B452-E8370632B03F", vulnerable: true, }, { criteria: "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*", matchCriteriaId: "32310AFE-38CC-4C6C-AE13-54C18720F2C0", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", matchCriteriaId: "AC46909F-DDFC-448B-BCDF-1EB343F96630", vulnerable: true, }, { criteria: "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", matchCriteriaId: "9496279F-AB43-4B53-81A6-87C651ABC4BA", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", matchCriteriaId: "0EFE2E73-9536-41A9-B83B-0A06B54857F4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", matchCriteriaId: "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", matchCriteriaId: "E562907F-D915-4030-847A-3C6834A80D4E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "038FEDE7-986F-4CA5-9003-BA68352B87D4", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1E140F76-D078-4F58-89CF-3278CDCB9AF3", vulnerable: true, }, { criteria: "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D9D76A8D-832B-411E-A458-186733C66010", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", matchCriteriaId: "580BA1FE-0826-47A7-8BD3-9225E0841EDD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", matchCriteriaId: "040B04CD-B891-4F19-A7CC-5C2D462FBD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*", matchCriteriaId: "5BF29685-7FFC-4093-A1D4-21E4871AF5C6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*", matchCriteriaId: "E72872C9-63AF-417F-BFAE-92B4D350C006", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*", matchCriteriaId: "80BCF196-5E5A-4F31-BCE7-AA0C748CA922", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*", matchCriteriaId: "970939C5-1E6F-47B6-97E6-7B2C1E019985", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*", matchCriteriaId: "CD1F4148-E772-4708-8C1F-D67F969C11DA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*", matchCriteriaId: "3CEBCEF0-5982-4B30-8377-9CAC978A1CB0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", matchCriteriaId: "09458CD7-D430-4957-8506-FAB2A3E2AA65", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*", matchCriteriaId: "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F8B87C95-4B34-4628-AD03-67D1DE13E097", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*", matchCriteriaId: "758F95DB-E619-4B08-86FA-6CF2C1B0CBCD", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4F04471C-732F-44EE-AD1B-6305C1DD7DDD", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "3499913B-5DCD-4115-8C7B-9E8AFF79DE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "E237919A-416B-4039-AAD2-7FAE1F4E100D", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*", matchCriteriaId: "39149924-188C-40C1-B598-A9CD407C90DE", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*", matchCriteriaId: "15D5780C-4E29-4BCA-A47E-29FF6EAF33FC", vulnerable: true, }, { criteria: "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E6501108-5455-48FE-AA82-37AFA5D7EC24", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*", matchCriteriaId: "C1A3B951-A1F8-4291-82FA-AB7922D13ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*", matchCriteriaId: "3F2E7C81-C0F5-4D36-9A23-03BE69295ED0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*", matchCriteriaId: "9D0EF4A3-2FE5-41E4-A764-30B379ECF081", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*", matchCriteriaId: "CCF6D59E-8AEA-4380-B86B-0803B2202F16", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*", matchCriteriaId: "140ABF28-FA39-4D77-AEB2-304962ED48C2", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*", matchCriteriaId: "09473DD9-5114-44C5-B56C-6630FBEBCACB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7ECD3A4-5A39-4222-8350-524F11D8FFB0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*", matchCriteriaId: "D36C140D-E80C-479A-ADA7-18E901549059", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "940712E9-B041-4B7F-BD02-7DD0AE596D65", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "03B887A2-9025-4C5B-8901-71BC63BF5293", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "33264586-7160-4550-9FF9-4101D72F5C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CE5E6521-0611-4473-82AC-21655F10FEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*", matchCriteriaId: "AA9A50A1-CA8C-4EE5-B68F-4958F6B4B028", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*", matchCriteriaId: "8C83ABA2-87CD-429B-9800-590F8256B064", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*", matchCriteriaId: "A4D9A576-2878-4AC4-AC95-E69CB8A84A71", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*", matchCriteriaId: "0A1A0B02-CF33-401F-9AB2-D595E586C795", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*", matchCriteriaId: "8C0EF3F0-B82E-45B7-8D05-05E76009F7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*", matchCriteriaId: "90FB3825-21A6-4DBE-8188-67672DBE01CB", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*", matchCriteriaId: "80623E58-8B46-4559-89A4-C329AACF3CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*", matchCriteriaId: "AEE6C228-CD93-4636-868B-C19BC1674BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*", matchCriteriaId: "A645148C-AD0D-46C1-BEE3-10F5C9066279", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*", matchCriteriaId: "0D69187C-7F46-4FF0-A8A0-0E1989EA79BC", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation:*:*:*:*:*:*:*", matchCriteriaId: "C48F4DF4-8091-45D0-9F80-F760500B1202", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*", matchCriteriaId: "4AE4A7EE-1BA3-46F1-BF4A-A72997EE0992", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*", matchCriteriaId: "02029D75-FAF2-4842-9246-079C7DE36417", vulnerable: true, }, { criteria: "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*", matchCriteriaId: "B5EF01C8-1C8A-4BD1-A13B-CE31F09F9523", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "B8496E0D-2507-4C25-A122-0B846CBCA72A", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*", matchCriteriaId: "8E383F2A-DFCF-47F8-94EE-3563D41EA597", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*", matchCriteriaId: "D2D87EF0-056E-4128-89EB-2803ED83DEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*", matchCriteriaId: "BB3163C1-2044-44DA-9C88-076D75FDF1EB", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", matchCriteriaId: "07E1B690-C58B-4C08-A757-F3DF451FDAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*", matchCriteriaId: "31F0E14C-7681-4D1A-B982-A51E450B93A7", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", matchCriteriaId: "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF39E8B-C201-4940-81C9-14AF4C3DD4B5", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*", matchCriteriaId: "AC604680-2E9E-4DC4-ACDD-74D552A45BA4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*", matchCriteriaId: "37A94436-D092-4C7E-B87B-63BC621EE82E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*", matchCriteriaId: "862165CF-3CFB-4C6E-8238-86FA85F243C8", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*", matchCriteriaId: "056F3336-BAA8-4A03-90B4-7B31710FC1B3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*", matchCriteriaId: "9FDC2510-FBB9-429A-B6D4-10AB11F93960", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*", matchCriteriaId: "5D45127E-A544-40A0-9D34-BD70D95C9772", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*", matchCriteriaId: "56C69C3E-C895-45C8-8182-7BB412A0C828", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D4D9564B-B92E-4C97-87FF-B56D62DCA775", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*", matchCriteriaId: "B931D4F8-23F5-4ABA-A457-959995D30C58", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*", matchCriteriaId: "BE6A023E-9C2A-487F-B5CE-674C766BFE75", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*", matchCriteriaId: "6A15ACA2-D500-4260-B51A-6FE6AB5A45A4", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2A045971-8756-47E8-9044-C39D08B36F1F", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CAA95881-7231-4FDA-AF73-04DF9FF0B64C", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "62B7F6AD-EDBD-4B09-BDB2-795ED114F2AE", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*", matchCriteriaId: "F045AB7B-1551-46E5-A5CC-BF13C1BB49F4", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "44E85930-3AAD-420B-8E3E-AEC57344F6C4", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "52FD4485-BCA2-485A-A0CF-F8152C9DBFA5", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "7CF53BE4-FE2D-4D63-BD0F-A423D0FE3BE3", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*", matchCriteriaId: "00993464-BE09-4691-B3F0-51BBA9FB80C3", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*", matchCriteriaId: "896AB39E-2078-4BA2-9522-477BD5F98FD1", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*", matchCriteriaId: "EB9279EC-47CF-45F1-B4CC-B2B332E82E34", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E7300C3E-8105-4C23-89B9-7D29CED18C15", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*", matchCriteriaId: "90C59DB2-48DA-4172-A1F5-25CF3B5097AE", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*", matchCriteriaId: "715F4E0B-7E4B-4520-A987-9B3ED3136B75", vulnerable: true, }, { criteria: "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*", matchCriteriaId: "9CA1F606-C558-40FD-9300-6E2796F47BA8", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*", matchCriteriaId: "A037FAA6-6D26-4496-BC67-03475B4D1155", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*", matchCriteriaId: "D3831DD3-E783-4200-8986-FDBF7DD9BA53", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*", matchCriteriaId: "2909C9D5-3D8F-4C41-B0E7-A0C0B432C19A", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*", matchCriteriaId: "E09436DF-E3C1-4C03-A3BE-73C4BC84BB7B", vulnerable: true, }, { criteria: "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "699764B6-0F86-4AB0-86A3-4F2E69AD820C", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*", matchCriteriaId: "7562ADC4-0D01-4FC2-98F0-1F4041BDA52E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*", matchCriteriaId: "E6FAB588-BDBE-4A04-AB9E-4F700A3951F0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*", matchCriteriaId: "E1B83F84-D1EF-43B4-8620-3C1BCCE44553", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*", matchCriteriaId: "41169D2F-4F16-466A-82E9-AD0735472B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*", matchCriteriaId: "947699C3-D9DE-411A-99C0-44ADD1D2223A", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*", matchCriteriaId: "15F668C0-8420-4401-AB0F-479575596CF0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*", matchCriteriaId: "CDDCC7B6-34CA-4551-9833-306B93E517BD", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*", matchCriteriaId: "6D69C160-39F7-48B8-B9A3-CC86690453C0", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*", matchCriteriaId: "166BF638-ABDC-4BB9-BD4E-2B22681AD9CC", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8FA6420B-9F6A-48F4-A445-12B60A320347", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", matchCriteriaId: "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", matchCriteriaId: "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", matchCriteriaId: "180D07AE-C571-4DD6-837C-43E2A946007A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", matchCriteriaId: "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", matchCriteriaId: "90789533-C741-4B1C-A24B-2C77B9E4DE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", matchCriteriaId: "1520065B-46D7-48A4-B9D0-5B49F690C5B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", matchCriteriaId: "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", matchCriteriaId: "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", matchCriteriaId: "494E48E7-EF86-4860-9A53-94F6C313746E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", matchCriteriaId: "45A518E8-21BE-4C5C-B425-410AB1208E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", matchCriteriaId: "9E3AB748-E463-445C-ABAB-4FEDDFD1878B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", matchCriteriaId: "660E4B8D-AABA-4520-BC4D-CF8E76E07C05", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", matchCriteriaId: "85BFEED5-4941-41BB-93D1-CD5C2A41290E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", matchCriteriaId: "78E79A05-64F3-4397-952C-A5BB950C967D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", matchCriteriaId: "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", matchCriteriaId: "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*", matchCriteriaId: "09F3FB7B-0F68-49F3-A3B7-977A687A42E2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*", matchCriteriaId: "088F2FF7-96E5-455E-A35B-D99F9854EC6E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*", matchCriteriaId: "FFA721BF-1B2E-479F-BF25-02D441BF175B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*", matchCriteriaId: "AFEDCE49-21CC-4168-818F-4C638EE3B077", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*", matchCriteriaId: "B7D18F9B-C0BE-4DE8-81F4-5BF56C00BF41", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", matchCriteriaId: "26430687-409B-448F-934B-06AB937DDF63", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*", matchCriteriaId: "0702A32E-E577-403C-B4D9-15037D7100A5", vulnerable: true, }, { criteria: "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", matchCriteriaId: "29DC217F-C257-4A3C-9CBD-08010C30BEC3", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "8F0F78F4-E81E-4C6B-AB73-D6AAE191060E", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "DF1A5808-6D5D-48AD-9470-5A6510D17913", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*", matchCriteriaId: "C1E8990D-D9A0-4A71-9D87-EC047E01B0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*", matchCriteriaId: "6DBCC172-6867-4DFD-AAEF-9BDB4DA21F46", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C2F2BEEA-46BB-4718-B0F3-B4EC62B678A6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "8D09E11C-C5BB-409E-BB0D-7F351250419B", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*", matchCriteriaId: "6B06A05D-AA31-441D-9FC2-3558648C3B7E", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C0886901-6F93-44C1-B774-84D7E5D9554C", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "3F203A80-7C1E-4A04-8E99-63525E176753", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*", matchCriteriaId: "CA0A204C-158B-4014-A53C-75E0CD63E0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*", matchCriteriaId: "085BA581-7DA5-4FA4-A888-351281FD0A7D", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*", matchCriteriaId: "EA1C4B3C-5701-4233-BA94-28915713F9C8", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*", matchCriteriaId: "28D9F8D7-698A-486A-918A-7DB5CAFBB3CB", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "D125C2A0-A4B5-48D6-A38A-54755C3FDF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "0F85F672-0F21-4AD7-8620-13D82F2ECC22", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*", matchCriteriaId: "89070041-613A-4F7B-BD6A-C6091D21FC52", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "D9A71933-4BD5-4B11-8B14-D997E75F29CD", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "5B6BE11D-FC02-4950-A554-08CC9D8B1853", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A53FD0E1-9BAA-43F0-BCC9-0BE8D4356F55", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B80ADAE8-94D4-46A4-A5ED-FF134D808B52", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "69FA0221-5073-4D45-950F-119497B53FED", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "C4AE5B43-7C90-4C2A-A215-30F5EC5841C9", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "2CC1A110-B203-4962-8E1A-74BD98121AF6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "B5A92C4D-B024-4D39-9479-409C39586F64", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E7E0C4F5-CF02-4FF6-AE9B-5B6B70D5C067", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*", matchCriteriaId: "5E8998CC-E372-46D0-8339-47DC8D92D253", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*", matchCriteriaId: "AF131FDC-BF8D-4A17-99F0-444EB900E83D", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "880811B3-E78E-456E-972E-DE733F368576", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "22411F18-2B93-405A-A3B5-2CF0A04977C6", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*", matchCriteriaId: "C71188B7-E6DC-41E5-B619-367341113501", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*", matchCriteriaId: "07491444-0196-4504-A971-A5E388B86BBA", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*", matchCriteriaId: "72BC6CD2-3291-4E69-8DC6-F3AB853F8931", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "CD43EDDF-58A7-4705-B8C7-FD76C35A437D", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "A7C2E603-568F-40F6-9A7C-439E2A51B37F", vulnerable: true, }, { criteria: "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "703421A7-E8C5-450B-97EF-FD9D99D4B834", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*", matchCriteriaId: "9519BCB2-B401-44CE-97F6-847BB36AE45F", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", matchCriteriaId: "BBE573E8-DD94-4293-99AE-27B9067B3ED9", vulnerable: true, }, { criteria: "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", matchCriteriaId: "D14413DA-5199-4282-9E22-D347E9D8E469", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*", matchCriteriaId: "05CC5F49-0E9E-45D8-827D-A5940566DB25", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*", matchCriteriaId: "5D94EE19-6CE9-4E02-8174-D9954CDBF02B", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*", matchCriteriaId: "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*", matchCriteriaId: "8CE38F15-BD42-4171-8670-86AA8169A60C", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C3E6C4A8-59F4-43EE-8413-E95289037598", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FE76357A-27E6-4D85-9AA0-1BB658C41568", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C56C5FDB-24E2-479D-87CA-164CD28567D3", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", vulnerable: true, }, { criteria: "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*", matchCriteriaId: "1B6CFEC9-0F8F-4CD4-ABD1-E6533F910F7F", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "12DE5E22-DF93-46BE-85A3-D4E04379E901", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*", matchCriteriaId: "BF28C435-C036-4507-8E3F-44E722F9974A", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*", matchCriteriaId: "CDA957E2-ABF9-49B2-874F-3FC3060CE0B0", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2CDFE7-6853-4A31-85C0-50C57A8D606A", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", matchCriteriaId: "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858", vulnerable: true, }, { criteria: "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*", matchCriteriaId: "408A9DB0-81EF-4186-B338-44954E67289B", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*", matchCriteriaId: "5B0C5F92-7E93-4C3F-B22B-E6612A4D3E10", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*", matchCriteriaId: "2D0DC4B4-9AD9-4AC8-BFA7-A3D209B5D089", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*", matchCriteriaId: "303362A5-9C3C-4C85-8C97-2AB12CE01BF6", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*", matchCriteriaId: "FED22DC1-E06B-4511-B920-6DAB792262D8", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*", matchCriteriaId: "4CE44CA7-4BC7-4C2B-948F-2ACABB91528B", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F757B2A7-869F-4702-81EB-466317A79D61", vulnerable: true, }, { criteria: "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*", matchCriteriaId: "01F6E9A9-6C85-48DA-BC61-55F8EACCB59F", vulnerable: true, }, { criteria: "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*", matchCriteriaId: "64AF1E33-4086-43E2-8F54-DA75A99D4B75", vulnerable: true, }, { criteria: "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*", matchCriteriaId: "53D16F03-A4C7-4497-AB74-499F208FF059", vulnerable: true, }, { criteria: "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*", matchCriteriaId: "13A33EC1-836B-4C8C-AC18-B5BD4F90E612", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", matchCriteriaId: "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "C558CED8-8342-46CB-9F52-580B626D320E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "0F85D19E-6C26-429D-B876-F34238B9DAAF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", matchCriteriaId: "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", matchCriteriaId: "09063867-0E64-4630-B35B-4CCA348E4DAB", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", matchCriteriaId: "78F98CD7-A352-483C-9968-8FB2627A7CBD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "F97FE485-705F-4707-B6C6-0EF9E8A85D5F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "E2B925E8-D2C2-4E8C-AC21-0C422245C482", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "B9170562-872E-4C32-869C-B10FF35A925E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", matchCriteriaId: "D0927A68-8BB2-4F03-8396-E9CACC158FC0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", matchCriteriaId: "559DDBA3-2AF4-4A0C-B219-6779BA931F21", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", matchCriteriaId: "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "5226C9CC-6933-4F10-B426-B47782C606FD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "757DAE9A-B25D-4B8A-A41B-66C2897B537E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", matchCriteriaId: "5E3DC170-E279-4725-B9EE-6840B5685CC9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*", matchCriteriaId: "8091EDA9-BD18-47F7-8CEC-E086238647C6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*", matchCriteriaId: "6F867890-74A4-4892-B99A-27DB4603B873", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", matchCriteriaId: "CE05B514-F094-4632-B25B-973F976F6409", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*", matchCriteriaId: "3392428D-1A85-4472-A276-C482A78E2CE1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", matchCriteriaId: "40954985-16E6-4F37-B014-6A55166AE093", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*", matchCriteriaId: "0C097809-1FEF-4417-A201-42291CC29122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.", }, { lang: "es", value: "OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS.", }, ], id: "CVE-2004-0081", lastModified: "2024-11-20T23:47:43.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-11-23T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", }, { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { source: "cve@mitre.org", url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=107955049331965&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108403850228012&w=2", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2004-119.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/11139", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { source: "cve@mitre.org", url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2004/dsa-465", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/465542", }, { source: "cve@mitre.org", url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9899", }, { source: "cve@mitre.org", url: "http://www.trustix.org/errata/2004/0012", }, { source: "cve@mitre.org", url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fedoranews.org/updates/FEDORA-2004-095.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=107955049331965&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108403850228012&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2004-119.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/11139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200403-03.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2004/dsa-465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/465542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-120.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-121.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2004-139.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/9899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trustix.org/errata/2004/0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA04-078A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*", matchCriteriaId: "1710B5A7-08C4-44D8-A175-044FCD92B314", versionEndIncluding: "6.2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", matchCriteriaId: "9757B880-0E5B-40B1-A15C-0EAA52046A73", versionEndExcluding: "6.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "FEE68BD5-3D1C-4D69-B026-319FBEDBC798", versionEndIncluding: "6.2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", matchCriteriaId: "E26D80A2-E490-44B6-A8D2-1AEF487E72B2", versionEndIncluding: "2.3.1", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A0F26126-55C2-4E2E-A586-D93FF38ABF6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E87B8C7B-2654-4F9C-9B5D-794DA484B42D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9C6F5710-490D-41D4-8C9B-27FC530117A7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", matchCriteriaId: "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", matchCriteriaId: "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*", matchCriteriaId: "20352616-6BCA-485D-8DD7-DFC97AD6A30D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "68165D37-489E-45D7-BA7A-A38164B5C26D", versionEndExcluding: "19.1.0.0.0.210420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0.210420:*:*:*:*:*:*:*", matchCriteriaId: "0C9A68D0-1C6A-4B0B-934B-F82555C09C51", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44357172-4035-4D57-9C83-D80BDDE8E8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", matchCriteriaId: "CE7DB324-98A0-40AD-96D4-0800340F6F3A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6D325A0-3441-41AC-B00F-F2A7F85370A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0E703304-0752-46F2-998B-A3D37C9E7A54", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "722969B5-36CD-4413-954B-347BB7E51FAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BF295023-399E-4180-A28B-2DA3327A372C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3E5A2A49-42B0-44EB-B606-999275DC1DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "54B0A494-14DD-4384-9DCE-14945EBE1A19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A890746E-EE1A-4DBC-BB04-84CC79767F85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6308E929-D44D-48A1-BAEE-47BE4E164124", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FDD2640A-5964-4937-B912-CEA2173FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BE9059-29C1-417D-AFB3-98066E95D883", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", matchCriteriaId: "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.", }, { lang: "es", value: "RSA BSAFE Crypto-J en versiones anteriores a la 6.2.5, son susceptibles a una vulnerabilidad Missing Required Cryptographic Step. Un atacante remoto malicioso podría explotar potencialmente esta vulnerabilidad para obligar a dos partes a calcular la misma clave compartida predecible.", }, ], id: "CVE-2019-3738", lastModified: "2024-11-21T04:42:26.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-18T23:15:11.047", references: [ { source: "security_alert@emc.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { source: "security_alert@emc.com", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-325", }, ], source: "security_alert@emc.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-347", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-10 20:15
Modified
2024-11-21 07:09
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | bsafe_ssl-j | * | |
dell | bsafe_ssl-j | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "82A7B894-3248-4DF6-9DCC-E544979EB97D", versionEndExcluding: "6.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:7.0:*:*:*:*:*:*:*", matchCriteriaId: "50D0F0DB-24D9-4338-A981-48777D482BB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "\n\n\nDell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.\n\n.\n\n\n\n\n\n\n\n", }, ], id: "CVE-2022-34364", lastModified: "2024-11-21T07:09:21.623", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-10T20:15:52.917", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1295", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-18 23:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*", matchCriteriaId: "1710B5A7-08C4-44D8-A175-044FCD92B314", versionEndIncluding: "6.2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", matchCriteriaId: "9757B880-0E5B-40B1-A15C-0EAA52046A73", versionEndExcluding: "6.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "FEE68BD5-3D1C-4D69-B026-319FBEDBC798", versionEndIncluding: "6.2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E87B8C7B-2654-4F9C-9B5D-794DA484B42D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9C6F5710-490D-41D4-8C9B-27FC530117A7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", matchCriteriaId: "A7E8F4F3-1A39-4CBB-98C4-66D5DCE3F57D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", matchCriteriaId: "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*", matchCriteriaId: "20352616-6BCA-485D-8DD7-DFC97AD6A30D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "160EBE76-7CED-4210-9FBB-8649B14DAE1A", versionEndExcluding: "12.2.0.1.22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "68165D37-489E-45D7-BA7A-A38164B5C26D", versionEndExcluding: "19.1.0.0.0.210420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44357172-4035-4D57-9C83-D80BDDE8E8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", matchCriteriaId: "CE7DB324-98A0-40AD-96D4-0800340F6F3A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", matchCriteriaId: "6FFEA075-11EB-4E99-92A1-8B2883C64CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6D325A0-3441-41AC-B00F-F2A7F85370A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0E703304-0752-46F2-998B-A3D37C9E7A54", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "722969B5-36CD-4413-954B-347BB7E51FAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BF295023-399E-4180-A28B-2DA3327A372C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3E5A2A49-42B0-44EB-B606-999275DC1DA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "54B0A494-14DD-4384-9DCE-14945EBE1A19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A890746E-EE1A-4DBC-BB04-84CC79767F85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6308E929-D44D-48A1-BAEE-47BE4E164124", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*", matchCriteriaId: "FDD2640A-5964-4937-B912-CEA2173FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11BE9059-29C1-417D-AFB3-98066E95D883", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", matchCriteriaId: "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.", }, { lang: "es", value: "RSA BSAFE Crypto-J versiones anteriores a 6.2.5, son susceptibles a una vulnerabilidad de Exposición de Información por medio de vulnerabilidades de Discrepancia de Sincronización durante la generación de claves DSA. Un atacante remoto malicioso podría explotar potencialmente esas vulnerabilidades para recuperar claves DSA.", }, ], id: "CVE-2019-3740", lastModified: "2024-11-21T04:42:26.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-18T23:15:11.173", references: [ { source: "security_alert@emc.com", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }