Vulnerability-Lookup

CVE-2014-3569 (GCVE-0-2014-3569)

Vulnerability from cvelistv5 – Published: 2014-12-24 11:00 – Updated: 2024-08-06 10:50

Summary

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

41 references

URL	Tags
http://www.securityfocus.com/bid/71934	vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=142895206924048&w=2	vendor-advisoryx_refsource_HP
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
http://people.canonical.com/~ubuntu-security/cve/…	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisoryx_refsource_HP
https://support.apple.com/HT204659	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisoryx_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
http://www.securitytracker.com/id/1033378	vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=142721102728110&w=2	vendor-advisoryx_refsource_HP
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://www.openssl.org/news/secadv_20150108.txt	x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=142496289803847&w=2	vendor-advisoryx_refsource_HP
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisoryx_refsource_HP
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050205101530&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142496179803395&w=2	vendor-advisoryx_refsource_HP
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
https://support.citrix.com/article/CTX216642	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144050254401665&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142496289803847&w=2	vendor-advisoryx_refsource_HP
http://rt.openssl.org/Ticket/Display.html?id=3571…	x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa88	x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3125	vendor-advisoryx_refsource_DEBIAN

Date Public ?

2014-10-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "71934",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71934"
          },
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "71934",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71934"
        },
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "71934",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71934"
            },
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html",
              "refsource": "CONFIRM",
              "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2014-3569",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2014-3569"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "url": "http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3569",
    "datePublished": "2014-12-24T11:00:00.000Z",
    "dateReserved": "2014-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:50:17.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2014-3569",
      "date": "2026-05-24",
      "epss": "0.07556",
      "percentile": "0.91927"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3703E445-17C0-4C85-A496-A35641C0C8DB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n ssl23_get_client_hello en s23_srvr.c en OpenSSL 0.9.8zc, 1.0.0o y 1.0.1j no maneja adecuadamente los intentos de utilizar protocolos no soportados, lo que permite a atacantes remotos causar una denegaci\\u00f3n de servicio (referencia a puntero NULL y ca\\u00edda de demonio) a trav\\u00e9s de un apret\\u00f3n de manos no esperado, seg\\u00fan lo demostrado por un apret\\u00f3n de manos SSLv3 a una aplicaci\\u00f3n no-ssl3 con ciertos manejos de errores. NOTA: este problema se volvi\\u00f3 relevante despu\\u00e9s de la correcci\\u00f3n de CVE-2014-3568.\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
      "id": "CVE-2014-3569",
      "lastModified": "2024-11-21T02:08:24.510",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-12-24T11:59:00.057",
      "references": "[{\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3125\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/71934\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1033378\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa88\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2014-3569\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.apple.com/HT204659\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.citrix.com/article/CTX216642\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.openssl.org/news/secadv_20150108.txt\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3125\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/71934\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1033378\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa88\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2014-3569\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT204659\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.citrix.com/article/CTX216642\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openssl.org/news/secadv_20150108.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3569\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-12-24T11:59:00.057\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ssl23_get_client_hello en s23_srvr.c en OpenSSL 0.9.8zc, 1.0.0o y 1.0.1j no maneja adecuadamente los intentos de utilizar protocolos no soportados, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de demonio) a trav\u00e9s de un apret\u00f3n de manos no esperado, seg\u00fan lo demostrado por un apret\u00f3n de manos SSLv3 a una aplicaci\u00f3n no-ssl3 con ciertos manejos de errores. NOTA: este problema se volvi\u00f3 relevante despu\u00e9s de la correcci\u00f3n de CVE-2014-3568.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3703E445-17C0-4C85-A496-A35641C0C8DB\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3125\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/71934\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1033378\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa88\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2014-3569\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT204659\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.citrix.com/article/CTX216642\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.openssl.org/news/secadv_20150108.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3569.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rt.openssl.org/Ticket/Display.html?id=3571\u0026user=guest\u0026pass=guest\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/71934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa88\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=b82924741b4bd590da890619be671f4635e46c2b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2014-3569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.citrix.com/article/CTX216642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv_20150108.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/476.html\\\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e\"}}"
  }
}

CERTFR-2015-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans OpenSSL. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
OpenSSL	OpenSSL	OpenSSL 1.0.0 (versions antérieures à 1.0.0p)
OpenSSL	OpenSSL	OpenSSL 1.0.1 (versions antérieures à 1.0.1k)
OpenSSL	OpenSSL	OpenSSL 0.9.8 (versions antérieures à 0.9.8zd)

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 08 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL 1.0.0 (versions ant\u00e9rieures \u00e0 1.0.0p)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 1.0.1 (versions ant\u00e9rieures \u00e0 1.0.1k)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 0.9.8 (versions ant\u00e9rieures \u00e0 0.9.8zd)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 08 janvier 2015",
      "url": "https://mta.opensslfoundation.net/pipermail/openssl-announce/2015-January/000007.html"
    }
  ]
}

CERTFR-2015-AVI-108

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150310-ssl du 10 mars 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150310-ssl du 10 mars 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150310-ssl du 10 mars    2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
    }
  ],
  "reference": "CERTFR-2015-AVI-108",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150310-ssl du 10 mars 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-139

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple Macintosh OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.g

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Macintosh OS X

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple Macintosh OS X\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
    },
    {
      "name": "CVE-2015-1134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1134"
    },
    {
      "name": "CVE-2015-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
    },
    {
      "name": "CVE-2014-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
    },
    {
      "name": "CVE-2015-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1132"
    },
    {
      "name": "CVE-2014-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
    },
    {
      "name": "CVE-2015-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
    },
    {
      "name": "CVE-2014-0118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0118"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
    },
    {
      "name": "CVE-2015-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1131"
    },
    {
      "name": "CVE-2014-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3669"
    },
    {
      "name": "CVE-2015-1136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1136"
    },
    {
      "name": "CVE-2015-1144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1144"
    },
    {
      "name": "CVE-2015-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
    },
    {
      "name": "CVE-2015-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
    },
    {
      "name": "CVE-2014-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
    },
    {
      "name": "CVE-2014-5120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5120"
    },
    {
      "name": "CVE-2015-1146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1146"
    },
    {
      "name": "CVE-2014-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3538"
    },
    {
      "name": "CVE-2015-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
    },
    {
      "name": "CVE-2015-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1141"
    },
    {
      "name": "CVE-2014-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
    },
    {
      "name": "CVE-2014-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0117"
    },
    {
      "name": "CVE-2014-4405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
    },
    {
      "name": "CVE-2015-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
    },
    {
      "name": "CVE-2014-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
    },
    {
      "name": "CVE-2015-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1137"
    },
    {
      "name": "CVE-2014-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2497"
    },
    {
      "name": "CVE-2015-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
    },
    {
      "name": "CVE-2015-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
    },
    {
      "name": "CVE-2015-1133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1133"
    },
    {
      "name": "CVE-2014-4404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
    },
    {
      "name": "CVE-2014-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
    },
    {
      "name": "CVE-2015-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
    },
    {
      "name": "CVE-2013-5704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5704"
    },
    {
      "name": "CVE-2014-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0231"
    },
    {
      "name": "CVE-2014-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4670"
    },
    {
      "name": "CVE-2015-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
    },
    {
      "name": "CVE-2015-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1138"
    },
    {
      "name": "CVE-2014-8830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8830"
    },
    {
      "name": "CVE-2015-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1145"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
    },
    {
      "name": "CVE-2014-3478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
    },
    {
      "name": "CVE-2015-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
    },
    {
      "name": "CVE-2015-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1140"
    },
    {
      "name": "CVE-2015-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-1546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1546"
    },
    {
      "name": "CVE-2014-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4698"
    },
    {
      "name": "CVE-2014-3668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3668"
    },
    {
      "name": "CVE-2015-1143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1143"
    },
    {
      "name": "CVE-2015-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1130"
    },
    {
      "name": "CVE-2013-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2014-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3670"
    },
    {
      "name": "CVE-2014-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3587"
    },
    {
      "name": "CVE-2015-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1135"
    },
    {
      "name": "CVE-2014-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
    },
    {
      "name": "CVE-2014-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
    },
    {
      "name": "CVE-2014-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3597"
    },
    {
      "name": "CVE-2014-3523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3523"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09    avril 2015",
      "url": "https://support.apple.com/en-us/HT204659"
    }
  ],
  "reference": "CERTFR-2015-AVI-139",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Macintosh OS X\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.g\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Macintosh OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09 avril 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-146

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper NSM versions antérieures à 2012.2R12
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R9
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 6.6R5
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.2X50-D70
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 11.4R12
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2X51-D30
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R7
Juniper Networks	N/A	Juniper NSM versions antérieures à 2012.2R11
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R10
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2R6
Juniper Networks	N/A	Juniper CTPView versions antérieures à 7.1R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.3R6
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.2R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3X48-D10
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 7.0R4
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1X53-D10
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X46-D35
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X47-D25
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1R5
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 7.1R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X44-D50
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.3R5
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2X52-D15
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1R3
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.2R3
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2R8
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.2R9
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.1X50-D30
Juniper Networks	N/A	Juniper IDP OS versions antérieures à 5.1r4

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10679 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10676 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10673 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10672 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10680 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10677 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10678 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10675 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10674 du 07 avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 6.6R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2X50-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 11.4R12",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X51-D30",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPView versions ant\u00e9rieures \u00e0 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3X48-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D35",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X47-D25",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X44-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X52-D15",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.1X50-D30",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IDP OS versions ant\u00e9rieures \u00e0 5.1r4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-3002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3002"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3004"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2012-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
    },
    {
      "name": "CVE-2011-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0539"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2010-4478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4478"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2014-4478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4478"
    },
    {
      "name": "CVE-2015-3003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3003"
    },
    {
      "name": "CVE-2012-0814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0814"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2015-3005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3005"
    },
    {
      "name": "CVE-2014-8500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8500"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    },
    {
      "name": "CVE-2015-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3006"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10679 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10676 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10676"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10673 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10672 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10680 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10677 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10678 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10675 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10675"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10674 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10674"
    }
  ]
}

CERTFR-2015-AVI-173

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Oracle MySQL. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 2.3.19 et antérieures
Oracle	MySQL	Oracle MySQL Utilities versions 1.5.1 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.5.42 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.6.23 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.0.18 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.0.10 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 5.1.34 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 14 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle MySQL Enterprise Monitor versions 2.3.19 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Utilities versions 1.5.1 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.5.42 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.6.23 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.0.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.0.10 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 5.1.34 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2567"
    },
    {
      "name": "CVE-2015-2576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2576"
    },
    {
      "name": "CVE-2015-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0433"
    },
    {
      "name": "CVE-2015-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0498"
    },
    {
      "name": "CVE-2015-0439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0439"
    },
    {
      "name": "CVE-2015-2571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2571"
    },
    {
      "name": "CVE-2015-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0506"
    },
    {
      "name": "CVE-2014-7809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7809"
    },
    {
      "name": "CVE-2015-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0505"
    },
    {
      "name": "CVE-2015-2568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2568"
    },
    {
      "name": "CVE-2015-2575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2575"
    },
    {
      "name": "CVE-2015-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0405"
    },
    {
      "name": "CVE-2015-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0500"
    },
    {
      "name": "CVE-2015-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0438"
    },
    {
      "name": "CVE-2015-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0511"
    },
    {
      "name": "CVE-2015-0441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0441"
    },
    {
      "name": "CVE-2015-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0508"
    },
    {
      "name": "CVE-2015-2573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2573"
    },
    {
      "name": "CVE-2014-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0112"
    },
    {
      "name": "CVE-2015-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0503"
    },
    {
      "name": "CVE-2015-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2566"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2015-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0423"
    },
    {
      "name": "CVE-2015-0499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0499"
    },
    {
      "name": "CVE-2015-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0501"
    },
    {
      "name": "CVE-2015-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0507"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-173",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle MySQL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 avril 2015",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    }
  ]
}

CERTFR-2016-AVI-303

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Citrix. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	XenServer	Citrix XenServer version 6.0 sans le correctif de sécurité XS60E063
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.39 pour solutions matérielles embarquées NetScaler MPX/SDX de type 11500/13500/14500/16500/18500/20500, 115xx, 17550/19550/20550/21550 et T1110, ainsi que CloudBridge CB4000 et CB5000
Citrix	XenServer	Citrix XenServer version 6.2 SP1 sans le correctif de sécurité XS62ESP1048
Citrix	XenServer	Citrix XenServer version 6.1 sans le correctif de sécurité XS61E073
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 4.08 pour solutions matérielles embarquées NetScaler MPX/SDX de type 14xxx, 25xxx, T1120 et T1300
Citrix	XenServer	Citrix XenServer version 6.0.2 Common Criteria sans le correctif de sécurité XS602ECC034
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.21 pour solutions matérielles embarquées NetScaler MPX/SDX de type 8xxx et T1010, ainsi que CloudBridge CB2000 et CB3000
Citrix	XenServer	Citrix XenServer version 6.0.2 sans le correctif de sécurité XS602E057
Citrix	XenServer	Citrix XenServer version 6.5 SP1 sans le correctif de sécurité XS65ESP1038
Citrix	XenServer	Citrix XenServer version 7.0 sans le correctif de sécurité XS70E012
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.24 pour solutions matérielles embarquées NetScaler de type 22xxx et T1200

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX216071 du 08 septembre 2016	None	vendor-advisory
Bulletin de sécurité Citrix CTX216642 du 08 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer version 6.0 sans le correctif de s\u00e9curit\u00e9 XS60E063",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.39 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 11500/13500/14500/16500/18500/20500, 115xx, 17550/19550/20550/21550 et T1110, ainsi que CloudBridge CB4000 et CB5000",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.2 SP1 sans le correctif de s\u00e9curit\u00e9 XS62ESP1048",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.1 sans le correctif de s\u00e9curit\u00e9 XS61E073",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 4.08 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 14xxx, 25xxx, T1120 et T1300",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.0.2 Common Criteria sans le correctif de s\u00e9curit\u00e9 XS602ECC034",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.21 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 8xxx et T1010, ainsi que CloudBridge CB2000 et CB3000",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.0.2 sans le correctif de s\u00e9curit\u00e9 XS602E057",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.5 SP1 sans le correctif de s\u00e9curit\u00e9 XS65ESP1038",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E012",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.24 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler de type 22xxx et T1200",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2016-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7094"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2013-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4434"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2016-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7093"
    },
    {
      "name": "CVE-2014-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3509"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2016-7154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7154"
    },
    {
      "name": "CVE-2013-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3619"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2013-3622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3622"
    },
    {
      "name": "CVE-2014-3511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3511"
    },
    {
      "name": "CVE-2014-3568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
    },
    {
      "name": "CVE-2016-7092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7092"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2013-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4421"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2013-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3608"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2013-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3620"
    },
    {
      "name": "CVE-2013-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3609"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3508"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2013-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3607"
    },
    {
      "name": "CVE-2013-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3621"
    },
    {
      "name": "CVE-2013-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3623"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-303",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Citrix\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX216071 du 08 septembre 2016",
      "url": "http://support.citrix.com/article/CTX216071"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX216642 du 08 septembre 2016",
      "url": "http://support.citrix.com/article/CTX216642"
    }
  ]
}

CERTFR-2015-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
OpenSSL	OpenSSL	OpenSSL 1.0.0 (versions antérieures à 1.0.0p)
OpenSSL	OpenSSL	OpenSSL 1.0.1 (versions antérieures à 1.0.1k)
OpenSSL	OpenSSL	OpenSSL 0.9.8 (versions antérieures à 0.9.8zd)

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 08 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL 1.0.0 (versions ant\u00e9rieures \u00e0 1.0.0p)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 1.0.1 (versions ant\u00e9rieures \u00e0 1.0.1k)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 0.9.8 (versions ant\u00e9rieures \u00e0 0.9.8zd)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 08 janvier 2015",
      "url": "https://mta.opensslfoundation.net/pipermail/openssl-announce/2015-January/000007.html"
    }
  ]
}

CERTFR-2015-AVI-108

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150310-ssl du 10 mars 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150310-ssl du 10 mars 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150310-ssl du 10 mars    2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
    }
  ],
  "reference": "CERTFR-2015-AVI-108",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150310-ssl du 10 mars 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-139

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Macintosh OS X

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple Macintosh OS X\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
    },
    {
      "name": "CVE-2015-1134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1134"
    },
    {
      "name": "CVE-2015-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
    },
    {
      "name": "CVE-2014-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
    },
    {
      "name": "CVE-2015-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1132"
    },
    {
      "name": "CVE-2014-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
    },
    {
      "name": "CVE-2015-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
    },
    {
      "name": "CVE-2014-0118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0118"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
    },
    {
      "name": "CVE-2015-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1131"
    },
    {
      "name": "CVE-2014-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3669"
    },
    {
      "name": "CVE-2015-1136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1136"
    },
    {
      "name": "CVE-2015-1144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1144"
    },
    {
      "name": "CVE-2015-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
    },
    {
      "name": "CVE-2015-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
    },
    {
      "name": "CVE-2014-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
    },
    {
      "name": "CVE-2014-5120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5120"
    },
    {
      "name": "CVE-2015-1146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1146"
    },
    {
      "name": "CVE-2014-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3538"
    },
    {
      "name": "CVE-2015-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
    },
    {
      "name": "CVE-2015-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1141"
    },
    {
      "name": "CVE-2014-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
    },
    {
      "name": "CVE-2014-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0117"
    },
    {
      "name": "CVE-2014-4405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
    },
    {
      "name": "CVE-2015-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
    },
    {
      "name": "CVE-2014-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
    },
    {
      "name": "CVE-2015-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1137"
    },
    {
      "name": "CVE-2014-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2497"
    },
    {
      "name": "CVE-2015-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
    },
    {
      "name": "CVE-2015-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
    },
    {
      "name": "CVE-2015-1133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1133"
    },
    {
      "name": "CVE-2014-4404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
    },
    {
      "name": "CVE-2014-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
    },
    {
      "name": "CVE-2015-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
    },
    {
      "name": "CVE-2013-5704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5704"
    },
    {
      "name": "CVE-2014-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0231"
    },
    {
      "name": "CVE-2014-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4670"
    },
    {
      "name": "CVE-2015-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
    },
    {
      "name": "CVE-2015-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1138"
    },
    {
      "name": "CVE-2014-8830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8830"
    },
    {
      "name": "CVE-2015-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1145"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
    },
    {
      "name": "CVE-2014-3478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
    },
    {
      "name": "CVE-2015-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
    },
    {
      "name": "CVE-2015-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1140"
    },
    {
      "name": "CVE-2015-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-1546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1546"
    },
    {
      "name": "CVE-2014-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4698"
    },
    {
      "name": "CVE-2014-3668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3668"
    },
    {
      "name": "CVE-2015-1143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1143"
    },
    {
      "name": "CVE-2015-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1130"
    },
    {
      "name": "CVE-2013-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2014-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3670"
    },
    {
      "name": "CVE-2014-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3587"
    },
    {
      "name": "CVE-2015-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1135"
    },
    {
      "name": "CVE-2014-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
    },
    {
      "name": "CVE-2014-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
    },
    {
      "name": "CVE-2014-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3597"
    },
    {
      "name": "CVE-2014-3523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3523"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09    avril 2015",
      "url": "https://support.apple.com/en-us/HT204659"
    }
  ],
  "reference": "CERTFR-2015-AVI-139",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Macintosh OS X\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.g\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Macintosh OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09 avril 2015",
      "url": null
    }
  ]
}

BDU:2015-09980

Vulnerability from fstec - Published: 16.04.2015

Title

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Description

Уязвимость системы управления базами данных MySQL в функции ssl23_get_client_hello в s23_srvr.c криптографической библиотеки OpenSSL, заключающаяся в некорректной реализации устаревших протоколов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании (разыменование нулевого указателя и аварийное завершение работы демона), используя нестандартные данные согласования

Severity ?

Vendor

Oracle Corp.

Software Name

MySQL

Software Version

от 5.6.0 до 5.6.23 (MySQL)

Possible Mitigations

Обновление программного обеспечения до версии 5.6.23 или более поздней

Reference

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.6.0 \u0434\u043e 5.6.23 (MySQL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.6.23 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.04.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.05.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-09980",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2014-3569",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MySQL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 32-bit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ssl23_get_client_hello \u0432 s23_srvr.c \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0430\u044f\u0441\u044f \u0432 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (\u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f \u0438 \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u044b \u0434\u0435\u043c\u043e\u043d\u0430), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043d\u0435\u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u0433\u043b\u0430\u0441\u043e\u0432\u0430\u043d\u0438\u044f",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL \n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3569 (GCVE-0-2014-3569)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature