CVE-2003-0544 (GCVE-0-2003-0544)

Vulnerability from cvelistv5

Published

2003-10-01 04:00

Modified

2024-08-08 01:58

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-4352-7f73-983c

Vulnerability from github

Published

2022-04-29 01:26

Modified

2022-04-29 01:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0544"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-11-17T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
  "id": "GHSA-4352-7f73-983c",
  "modified": "2022-04-29T01:26:36Z",
  "published": "2022-04-29T01:26:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
    },
    {
      "type": "WEB",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22249"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2003-26.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-393"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-394"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/380864"
    },
    {
      "type": "WEB",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/8732"
    },
    {
      "type": "WEB",
      "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3900"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

rhsa-2003_290

Vulnerability from csaf_redhat

Published

2003-09-30 12:16

Modified

2024-11-21 22:52

Summary

Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold

Notes

Topic

Updated versions of Stronghold 4 cross-platform are available that fix several security issues affecting OpenSSL and mod_ssl. A number of bug fixes and new features are also included.

Details

Stronghold 4 contains a number of open source technologies, including OpenSSL 0.9.6 and mod_ssl. NISCC testing of implementations of the SSL protocol uncovered two bugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash. A remote attacker could trigger this bug by sending a carefully crafted SSL client certificate to the Stronghold Web server, which would cause the server child process handling the request to terminate. The effects of such an attack would be limited, as Apache is designed to handle this situation. In most cases, an attack would simply cause increased server load, which would only last as long as an attacker continues to make malicious connections. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to this issue. Ben Laurie found a bug in the optional renegotiation code in mod_ssl that can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0192 to this issue. Users of Stronghold 4 cross-platform are advised to update to these errata versions, which contain backported security fixes and are not vulnerable to these issues. Red Hat would like to thank NISCC, Stephen Henson, and Ben Laurie for their work on these vulnerabilities.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nseveral security issues affecting OpenSSL and mod_ssl.  A number of bug\nfixes and new features are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and mod_ssl.\n\nNISCC testing of implementations of the SSL protocol uncovered two bugs in\nOpenSSL 0.9.6.  The parsing of unusual ASN.1 tag values can cause OpenSSL\nto crash.  A remote attacker could trigger this bug by sending a carefully\ncrafted SSL client certificate to the Stronghold Web server, which would\ncause the server child process handling the request to terminate.  The\neffects of such an attack would be limited, as Apache is designed to handle\nthis situation.  In most cases, an attack would simply cause increased\nserver load, which would only last as long as an attacker continues to make\nmalicious connections.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to\nthis issue.  \n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl\nthat can cause cipher suite restrictions to be ignored. This is triggered\nif optional renegotiation is used (SSLOptions +OptRenegotiate) along with\nverification of client certificates and a change to the cipher suite over\nthe renegotiation.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0192 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.\n\nRed Hat would like to thank NISCC, Stephen Henson, and Ben Laurie for their\nwork on these vulnerabilities.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:290",
        "url": "https://access.redhat.com/errata/RHSA-2003:290"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.openssl.org/news/secadv_20030930.txt",
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_290.json"
      }
    ],
    "title": "Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:00+00:00",
      "generator": {
        "date": "2024-11-21T22:52:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:290",
      "initial_release_date": "2003-09-30T12:16:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-30T12:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-10-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0192",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616998"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it:\nhttp://rhn.redhat.com/errata/RHSA-2003-244.html\n\nRed Hat Enterprise Linux 3 contained a backported patch to correct this issue since release.  This issue does not affect the versions of Apache in Enterprise Linux 4 or later.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616998",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616998"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192"
        }
      ],
      "release_date": "2003-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0543",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    },
    {
      "cve": "CVE-2003-0544",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    }
  ]
}

rhsa-2003:290

Vulnerability from csaf_redhat

Published

2003-09-30 12:16

Modified

2025-10-09 12:41

Summary

Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold

Notes

Topic

Updated versions of Stronghold 4 cross-platform are available that fix several security issues affecting OpenSSL and mod_ssl. A number of bug fixes and new features are also included.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nseveral security issues affecting OpenSSL and mod_ssl.  A number of bug\nfixes and new features are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and mod_ssl.\n\nNISCC testing of implementations of the SSL protocol uncovered two bugs in\nOpenSSL 0.9.6.  The parsing of unusual ASN.1 tag values can cause OpenSSL\nto crash.  A remote attacker could trigger this bug by sending a carefully\ncrafted SSL client certificate to the Stronghold Web server, which would\ncause the server child process handling the request to terminate.  The\neffects of such an attack would be limited, as Apache is designed to handle\nthis situation.  In most cases, an attack would simply cause increased\nserver load, which would only last as long as an attacker continues to make\nmalicious connections.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to\nthis issue.  \n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl\nthat can cause cipher suite restrictions to be ignored. This is triggered\nif optional renegotiation is used (SSLOptions +OptRenegotiate) along with\nverification of client certificates and a change to the cipher suite over\nthe renegotiation.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0192 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.\n\nRed Hat would like to thank NISCC, Stephen Henson, and Ben Laurie for their\nwork on these vulnerabilities.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:290",
        "url": "https://access.redhat.com/errata/RHSA-2003:290"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.openssl.org/news/secadv_20030930.txt",
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_290.json"
      }
    ],
    "title": "Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2025-10-09T12:41:26+00:00",
      "generator": {
        "date": "2025-10-09T12:41:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2003:290",
      "initial_release_date": "2003-09-30T12:16:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-30T12:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-10-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T12:41:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0192",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616998"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it:\nhttp://rhn.redhat.com/errata/RHSA-2003-244.html\n\nRed Hat Enterprise Linux 3 contained a backported patch to correct this issue since release.  This issue does not affect the versions of Apache in Enterprise Linux 4 or later.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616998",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616998"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192"
        }
      ],
      "release_date": "2003-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0543",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    },
    {
      "cve": "CVE-2003-0544",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    }
  ]
}

RHSA-2003:290

Vulnerability from csaf_redhat

Published

2003-09-30 12:16

Modified

2025-10-09 12:41

Summary

Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold

Notes

Topic

Updated versions of Stronghold 4 cross-platform are available that fix several security issues affecting OpenSSL and mod_ssl. A number of bug fixes and new features are also included.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nseveral security issues affecting OpenSSL and mod_ssl.  A number of bug\nfixes and new features are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and mod_ssl.\n\nNISCC testing of implementations of the SSL protocol uncovered two bugs in\nOpenSSL 0.9.6.  The parsing of unusual ASN.1 tag values can cause OpenSSL\nto crash.  A remote attacker could trigger this bug by sending a carefully\ncrafted SSL client certificate to the Stronghold Web server, which would\ncause the server child process handling the request to terminate.  The\neffects of such an attack would be limited, as Apache is designed to handle\nthis situation.  In most cases, an attack would simply cause increased\nserver load, which would only last as long as an attacker continues to make\nmalicious connections.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to\nthis issue.  \n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl\nthat can cause cipher suite restrictions to be ignored. This is triggered\nif optional renegotiation is used (SSLOptions +OptRenegotiate) along with\nverification of client certificates and a change to the cipher suite over\nthe renegotiation.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0192 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.\n\nRed Hat would like to thank NISCC, Stephen Henson, and Ben Laurie for their\nwork on these vulnerabilities.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:290",
        "url": "https://access.redhat.com/errata/RHSA-2003:290"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.openssl.org/news/secadv_20030930.txt",
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_290.json"
      }
    ],
    "title": "Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2025-10-09T12:41:26+00:00",
      "generator": {
        "date": "2025-10-09T12:41:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2003:290",
      "initial_release_date": "2003-09-30T12:16:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-30T12:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-10-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-09T12:41:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0192",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616998"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it:\nhttp://rhn.redhat.com/errata/RHSA-2003-244.html\n\nRed Hat Enterprise Linux 3 contained a backported patch to correct this issue since release.  This issue does not affect the versions of Apache in Enterprise Linux 4 or later.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616998",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616998"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192"
        }
      ],
      "release_date": "2003-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0543",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    },
    {
      "cve": "CVE-2003-0544",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    }
  ]
}

fkie_cve-2003-0544

Vulnerability from fkie_nvd

Published

2003-11-17 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
cve@mitre.org	http://secunia.com/advisories/22249
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21247112
cve@mitre.org	http://www.cert.org/advisories/CA-2003-26.html	US Government Resource
cve@mitre.org	http://www.debian.org/security/2003/dsa-393
cve@mitre.org	http://www.debian.org/security/2003/dsa-394
cve@mitre.org	http://www.kb.cert.org/vuls/id/380864	US Government Resource
cve@mitre.org	http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-291.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-292.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/8732
cve@mitre.org	http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3900
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22249
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21247112
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2003-26.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2003/dsa-393
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2003/dsa-394
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/380864	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-291.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-292.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/8732
af854a3a-2127-422b-91ae-364da2661108	http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3900
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43041
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574

Impacted products

	Vendor	Product	Version
	openssl	openssl	0.9.6
	openssl	openssl	0.9.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
    },
    {
      "lang": "es",
      "value": "OpenSSL 0.9.6 y 0.9.7no lleva bien la cuenta del n\u00famero de caract\u00e9res de ciertas entradas ASN.1, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un certifiucado que hace que OpenSSL lea m\u00e1s all\u00e1 del b\u00fafer cuando una forma larga es usada."
    }
  ],
  "id": "CVE-2003-0544",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-11-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2003-26.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-393"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-394"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/380864"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/8732"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3900"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2003-26.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/380864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/8732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).\n",
      "lastModified": "2008-07-07T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200311-0090

Vulnerability from variot

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Crafted by a third party ASN.1 The client certificate containing the object OpenSSL By passing it to the application that uses (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.

Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.

Vulnerabilities

Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.
Exploitation of an affected application would result in a denial of service vulnerability.
This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200311-0090",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 4.0,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "mandrakesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 1.6,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "appgate network security ab",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conectiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cray",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guardian digital",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ingrian",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "novell",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "rsa security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sgi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stunnel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tawie server linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wirex",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.1s"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "1.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "cobalt qube3",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq4",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raq550",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "cobalt raqxtr",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "java system application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7 platform edition update 2"
      },
      {
        "model": "java system application server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7 standard edition update 2"
      },
      {
        "model": "java system directory server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.1"
      },
      {
        "model": "java system web server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "4.1 sp13"
      },
      {
        "model": "java system web server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.0 sp6"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.1"
      },
      {
        "model": "linux 5.0",
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "turbolinux advanced server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.1"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.5"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "6.0"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux apache-based web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "gsx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.15336"
      },
      {
        "model": "esx server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.05257"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5.2"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.30"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.200"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.11"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.10"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.01"
      },
      {
        "model": "enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.0"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one web server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1x86"
      },
      {
        "model": "one directory server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur1 platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server platform edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "grid engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3x86"
      },
      {
        "model": "grid engine sun linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 64-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "grid engine 32-bit sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.3"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.1"
      },
      {
        "model": "cluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.0"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.9"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.8"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.6"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.5"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.4"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7.1"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.7"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.3"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.6.2"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.18"
      },
      {
        "model": "stonegate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "1.5.17"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat webcluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat securitycluster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat high availability",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.1"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.5"
      },
      {
        "model": "stonebeat fullcluster for raptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for gauntlet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "3.0"
      },
      {
        "model": "stonebeat fullcluster for firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stonesoft",
        "version": "2.0"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.9"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.8.1"
      },
      {
        "model": "ssleay",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssleay",
        "version": "0.6.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.8"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.7"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.6"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.5"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.4"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.3"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.2"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.1"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4"
      },
      {
        "model": "communications security ipsec express toolkit",
        "scope": null,
        "trust": 0.3,
        "vendor": "ssh",
        "version": null
      },
      {
        "model": "os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.4"
      },
      {
        "model": "gpl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "1.0"
      },
      {
        "model": "express beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "smoothwall",
        "version": "2.0"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "2.2.1"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.22"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.7"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.6"
      },
      {
        "model": "open server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "5.0.5"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle9i application server .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.3"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.2"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "3.1"
      },
      {
        "model": "nsure audit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.1"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "5.1"
      },
      {
        "model": "netmail e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.10"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "netmail b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.3"
      },
      {
        "model": "netmail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.0.1"
      },
      {
        "model": "international cryptographic infostructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.6.1"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0.2"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.0"
      },
      {
        "model": "imanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.5"
      },
      {
        "model": "ichain server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "ichain server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.2"
      },
      {
        "model": "groupwise webaccess sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise webaccess sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "groupwise internet agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5.1"
      },
      {
        "model": "groupwise sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.5"
      },
      {
        "model": "groupwise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "6.0"
      },
      {
        "model": "edirectory su1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.6.2"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.27"
      },
      {
        "model": "edirectory a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5.12"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.5"
      },
      {
        "model": "edirectory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.0"
      },
      {
        "model": "bordermanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.8"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.2"
      },
      {
        "model": "linux mandrake ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "9.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "8.2"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.1"
      },
      {
        "model": "networks t-series router t640",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks t-series router t320",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1.1"
      },
      {
        "model": "networks sdx-300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.1"
      },
      {
        "model": "networks m-series router m5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40e",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m160",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks m-series router m10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "siparator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2.1"
      },
      {
        "model": "firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.2"
      },
      {
        "model": "rational rose",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2000"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.42"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.28"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.26"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.19"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.12.2"
      },
      {
        "model": "hp-ux aaa server a.06.01.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.20"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "wbem services for hp-ux a.01.05.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "isman",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "firepass",
        "scope": null,
        "trust": 0.3,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "bigip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.5"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.4"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "3-dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.3"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.2"
      },
      {
        "model": "ssh for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "5.1"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.3"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.2.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ssh for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.0.1"
      },
      {
        "model": "open software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cray",
        "version": "3.4"
      },
      {
        "model": "associates etrust security command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "threat response",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "sn storage router sn5428-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-3.2.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2.5.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.2-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sn storage router sn5428-2-3.3.1-k9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5428"
      },
      {
        "model": "sip proxy server",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure policy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "520"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "515"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "gss global site selector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4480"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "css secure content accelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.2"
      },
      {
        "model": "ciscoworks wireless lan solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "ciscoworks hosting solution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1105"
      },
      {
        "model": "application \u0026 content networking software",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "point software vpn-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software vpn-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software providor-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software nokia voyager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software next generation fp3 hf2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3 hf1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software next generation fp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "check",
        "version": null
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.1"
      },
      {
        "model": "point software firewall-1 sp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1 sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "4.0"
      },
      {
        "model": "point software firewall-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "check",
        "version": "3.0"
      },
      {
        "model": "firewall server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "borderware",
        "version": "7.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.0"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.0"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "tarantella",
        "version": "33.40"
      },
      {
        "model": "solaris 8 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 8 sparc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 7.0 x86",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one web server sp7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.0"
      },
      {
        "model": "one web server sp14",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "4.1"
      },
      {
        "model": "one directory server sp3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "5.1"
      },
      {
        "model": "one application server ur2 upgrade standard",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "one application server ur2 upgrade platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "java system web server sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "6.1"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.2"
      },
      {
        "model": "cluster",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.1"
      },
      {
        "model": "communications security ssh2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "3.2.9"
      },
      {
        "model": "communications security ssh sentinel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ssh",
        "version": "1.4.1"
      },
      {
        "model": "os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "snapgear",
        "version": "1.8.5"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.3"
      },
      {
        "model": "nsure audit",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0.2"
      },
      {
        "model": "netmail f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.1"
      },
      {
        "model": "imanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "2.5"
      },
      {
        "model": "edirectory su1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "8.7.1"
      },
      {
        "model": "siparator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ingate",
        "version": "3.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "hp-ux aaa server a.06.01.02.04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "wbem services for hp-ux a.01.05.07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NISCC uniras@niscc.gov.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0544",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0544",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.8,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0544",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#104280",
            "trust": 0.8,
            "value": "11.81"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#732952",
            "trust": 0.8,
            "value": "2.53"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#686224",
            "trust": 0.8,
            "value": "1.50"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#935264",
            "trust": 0.8,
            "value": "21.52"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#380864",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#255484",
            "trust": 0.8,
            "value": "11.25"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200311-040",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations.  The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages.  This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL Is X.509 With a certificate etc. ASN.1 Authentication information is exchanged using objects. In addition, SSL/TLS Implement the protocol OpenSSL Many other products also contain this vulnerability ASN.1 The existence of vulnerabilities related to processing has been confirmed.Crafted by a third party ASN.1 The client certificate containing the object OpenSSL By passing it to the application that uses (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      }
    ],
    "trust": 6.3
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#380864",
        "trust": 3.5
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "8732",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#104280",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3900",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "22249",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264",
        "trust": 1.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484",
        "trust": 1.1
      },
      {
        "db": "XF",
        "id": "13316",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "CA-2003-26",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:291",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:292",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "201029",
        "trust": 0.6
      },
      {
        "db": "ENGARDE",
        "id": "ESA-20030930-027",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "1",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "43041",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-394",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-393",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:4574",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "31738",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "id": "VAR-200311-0090",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-29T19:39:34.176000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "title": "HPSBUX00288",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831"
      },
      {
        "title": "HPSBUX00290",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00901847"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284"
      },
      {
        "title": "HPSBUX0310-284",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html"
      },
      {
        "title": "openssl",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/openssl.html"
      },
      {
        "title": "secadv_20030930",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-292.html"
      },
      {
        "title": "RHSA-2003:291",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-291.html"
      },
      {
        "title": "RHSA-2003:293",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "title": "57599",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-1"
      },
      {
        "title": "57472",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-1"
      },
      {
        "title": "57100",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-1"
      },
      {
        "title": "57498",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-1"
      },
      {
        "title": "57498",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57498-3"
      },
      {
        "title": "57599",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57599-3"
      },
      {
        "title": "57472",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57472-3"
      },
      {
        "title": "57100",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57100-3"
      },
      {
        "title": "TLSA-2003-55",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2003/tlsa-2003-55.txt"
      },
      {
        "title": "#62",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/031210_62/top.html"
      },
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml"
      },
      {
        "title": "RHSA-2003:292",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html"
      },
      {
        "title": "RHSA-2003:291",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-291j.html"
      },
      {
        "title": "RHSA-2003:293",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-293j.html"
      },
      {
        "title": "TLSA-2003-55",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-55j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 5.1,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
      },
      {
        "trust": 4.8,
        "url": "http://www.ietf.org/rfc/rfc2246.txt"
      },
      {
        "trust": 4.0,
        "url": "http://wp.netscape.com/eng/ssl3/"
      },
      {
        "trust": 4.0,
        "url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
      },
      {
        "trust": 3.9,
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "trust": 3.2,
        "url": "http://www.ietf.org/html.charters/pkix-charter.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/380864"
      },
      {
        "trust": 1.9,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-292.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-291.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-394"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2003/dsa-393"
      },
      {
        "trust": 1.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
      },
      {
        "trust": 1.6,
        "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/8732"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22249"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/686224"
      },
      {
        "trust": 1.1,
        "url": "http://www.kb.cert.org/vuls/id/732952"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/3900"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4574"
      },
      {
        "trust": 0.9,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.rsasecurity.com/rsalabs/pkcs/"
      },
      {
        "trust": 0.8,
        "url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/n-159.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/o-065.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0544"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/advisories/default.aspx?id=br-20031104-00633.xml"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/13316"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0544"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00748.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/104280"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/43041"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3900"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4574"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599"
      },
      {
        "trust": 0.3,
        "url": "http://www.info.apple.com/usen/security/security_updates.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/swupdates/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/esx/esx2-openssh.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/products/firewall.php"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/download/gsx_security.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098"
      },
      {
        "trust": 0.3,
        "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm"
      },
      {
        "trust": 0.3,
        "url": "http://cirt.dk/advisories/cirt-32-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3040.html"
      },
      {
        "trust": 0.3,
        "url": "http://metalink.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.smoothwall.org/home/news/item/20031001.01.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingate.com/relnote-331.php"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-293.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/security-alerts/"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.stonesoft.com/document/art/3041.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/476/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ssh.com/company/newsroom/article/477/"
      },
      {
        "trust": 0.3,
        "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/patches/linux/security.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.tarantella.com/security/bulletin-08.html"
      },
      {
        "trust": 0.3,
        "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.borderware.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/255484"
      },
      {
        "trust": 0.3,
        "url": "http://www.kb.cert.org/vuls/id/935264"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/343055"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "date": "2003-09-30T16:10:22",
        "db": "PACKETSTORM",
        "id": "31738"
      },
      {
        "date": "2003-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "date": "2003-11-17T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#104280"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#732952"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#686224"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#935264"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#380864"
      },
      {
        "date": "2003-10-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#255484"
      },
      {
        "date": "2016-07-06T14:32:00",
        "db": "BID",
        "id": "8732"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000288"
      },
      {
        "date": "2010-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      },
      {
        "date": "2018-05-03T01:29:00",
        "db": "NVD",
        "id": "CVE-2003-0544"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in SSL/TLS implementations",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#104280"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "8732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200311-040"
      }
    ],
    "trust": 0.9
  }
}

gsd-2003-0544

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2003-0544

Aliases

CVE-2003-0544

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0544",
    "description": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
    "id": "GSD-2003-0544",
    "references": [
      "https://www.suse.com/security/cve/CVE-2003-0544.html",
      "https://www.debian.org/security/2003/dsa-394",
      "https://www.debian.org/security/2003/dsa-393",
      "https://access.redhat.com/errata/RHSA-2003:293",
      "https://access.redhat.com/errata/RHSA-2003:292",
      "https://access.redhat.com/errata/RHSA-2003:291",
      "https://access.redhat.com/errata/RHSA-2003:290",
      "https://packetstormsecurity.com/files/cve/CVE-2003-0544"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0544"
      ],
      "details": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
      "id": "GSD-2003-0544",
      "modified": "2023-12-13T01:22:13.688392Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0544",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2003:292",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
          },
          {
            "name": "oval:org.mitre.oval:def:4574",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
          },
          {
            "name": "VU#380864",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/380864"
          },
          {
            "name": "openssl-asn1-sslclient-dos(43041)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
          },
          {
            "name": "ADV-2006-3900",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3900"
          },
          {
            "name": "DSA-393",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2003/dsa-393"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
          },
          {
            "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
            "refsource": "MISC",
            "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
          },
          {
            "name": "DSA-394",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2003/dsa-394"
          },
          {
            "name": "RHSA-2003:291",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
          },
          {
            "name": "CA-2003-26",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2003-26.html"
          },
          {
            "name": "22249",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22249"
          },
          {
            "name": "8732",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/8732"
          },
          {
            "name": "201029",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
          },
          {
            "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
            "refsource": "CONFIRM",
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
          },
          {
            "name": "ESA-20030930-027",
            "refsource": "ENGARDE",
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0544"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:291",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
            },
            {
              "name": "RHSA-2003:292",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
            },
            {
              "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
            },
            {
              "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
            },
            {
              "name": "ESA-20030930-027",
              "refsource": "ENGARDE",
              "tags": [],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
            },
            {
              "name": "DSA-393",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2003/dsa-393"
            },
            {
              "name": "DSA-394",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2003/dsa-394"
            },
            {
              "name": "CA-2003-26",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2003-26.html"
            },
            {
              "name": "VU#380864",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/380864"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
            },
            {
              "name": "22249",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22249"
            },
            {
              "name": "8732",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/8732"
            },
            {
              "name": "201029",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
            },
            {
              "name": "ADV-2006-3900",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3900"
            },
            {
              "name": "openssl-asn1-sslclient-dos(43041)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
            },
            {
              "name": "oval:org.mitre.oval:def:4574",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-05-03T01:29Z",
      "publishedDate": "2003-11-17T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2003-0544 (GCVE-0-2003-0544)

Vulnerability from cvelistv5

ghsa-4352-7f73-983c

Vulnerability from github

rhsa-2003_290

Vulnerability from csaf_redhat

rhsa-2003:290

Vulnerability from csaf_redhat

RHSA-2003:290

Vulnerability from csaf_redhat

fkie_cve-2003-0544

Vulnerability from fkie_nvd

var-200311-0090

Vulnerability from variot

Vulnerabilities in ASN.1 parsing

gsd-2003-0544

Vulnerability from gsd

Tags

Sightings

Nomenclature